Severity: critical

Command Injection

growl

Overview

Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution.

Remediation

Update to version 1.10.2 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 5th, 2017
  2. reported

    Sep 6th, 2016