com.zaxxer:nuprocess@2.0.0 vulnerabilities
-
latest version
2.0.6
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
a year ago
-
licenses detected
- [0.9.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.zaxxer:nuprocess package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper user-input sanitization, allowing attackers to use NUL characters in their strings in order to craft a malicious payload. ** Note: ** Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. How to fix Arbitrary Command Injection? Upgrade |
[1.2.0,2.0.5)
|