CVE-2019-10791

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
18/02/2020
Last modified:
07/11/2023

Description

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:promise-probe_project:promise-probe:*:*:*:*:*:node.js:*:* 0.10.0 (excluding)