Vulnerability Description
Growl adds Growl notification support to Node.js. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Growl Project | Growl | < 1.10.2 |
Related Weaknesses (CWE)
References
- https://github.com/tj/node-growl/issues/60 (Third Party Advisory)
- https://github.com/tj/node-growl/pull/61 (Patch, Third Party Advisory)
- https://nodesecurity.io/advisories/146 (Third Party Advisory)
FAQ
What is CVE-2017-16042?
CVE-2017-16042 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Growl adds Growl notification support to Node.js. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
How severe is CVE-2017-16042?
CVE-2017-16042 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-16042?
Check the references section above for vendor advisories and patch information. Affected products include: Growl Project Growl.