Newton's Programmatic Measurements
    Severity: high

    Remote Code Execution

    node-os-utils

    Overview

    Versions of node-os-utils prior to 1.1.0 are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution.

    Remediation

    Upgrade to version 1.1.0 or later.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      Feb 14th, 2019
    2. reported

      Reported by Frank Tip
      Feb 14th, 2019