{
  "schema_version": "1.4.0",
  "id": "GHSA-j9f8-8h89-j69x",
  "modified": "2021-08-04T21:06:49Z",
  "published": "2019-06-11T16:16:34Z",
  "aliases": [],
  "summary": "Remote Code Execution in node-os-utils",
  "details": "Versions of `node-os-utils` prior to 1.1.0 are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution.\n\n\n## Recommendation\n\nUpgrade to version 1.1.0 or later.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "node-os-utils"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SunilWang/node-os-utils/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-NODEOSUTILS-173696"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/784"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2019-06-11T16:08:05Z",
    "nvd_published_at": null
  }
}