Homepage
About Snyk

dcnnt@0.4.0 vulnerabilities

UI-less tool to connect Android phone with desktop

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the dcnnt package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Command Injection

dcnnt is an UI-less tool to connect Android phone with desktop

Affected versions of this package are vulnerable to Command Injection when processing arguments in the main() function in dcnnt/plugins/notifications.py without escaping. An attacker can execute arbitrary commands while a notification is showing.

How to fix Command Injection?

Upgrade dcnnt to version 0.9.1 or higher.

[,0.9.1)
  • C
Command Injection

dcnnt is an UI-less tool to connect Android phone with desktop

Affected versions of this package are vulnerable to Command Injection due to passing of unescaped text to the arguments of notification command in dcnnt/plugins/notifications.py.

How to fix Command Injection?

Upgrade dcnnt to version 0.9.1 or higher.

[,0.9.1)
Go back to all versions of this package