npm

Severity: critical

Command Injection

samsung-remote

Overview

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor.

Remediation

Update to version 1.3.5 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. Created

    2018-11-07T22:21:37.901Z
  2. Updated

    2018-11-07T22:21:45.927Z