windows-cpu before 0.1.5 will execute arbitrary code passed into the first argument of the
findLoad method, resulting in remote code execution.
Proof of Concept
var win = require('windows-cpu'); wind.findLoad('foo & calc.exe');
Update to version 0.1.5 or later.
Have content suggestions? Send them to [email protected]
publishedAdvisory publishedMay 19th, 2017
reportedInitial report by Daniel BondApr 17th, 2017