Nerdy People Matriculate
Severity: critical

Command Injection

samsung-remote

Overview

Versions of samsung-remote before 1.3.5 are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor.

Remediation

Update to version 1.3.5 or later.

Advisory timeline

  1. Created

    2018-11-07T22:21:37.901Z
  2. Updated

    2018-11-07T22:21:45.927Z