wizard-syncronizer@0.0.1 vulnerabilities

Node.js runtime environment is required. Clone the repo and execute the following command:

latest version

0.0.1

first published

10 years ago

latest version published

10 years ago

licenses detected

Unknown
>=0

View wizard-syncronizer package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wizard-syncronizer package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Command Injection wizard-syncronizer is a wizard syncronizer package. Affected versions of this package are vulnerable to Command Injection. The package does not validate input on the `cloneAndSync` function and concatenates this input to an exec call. This can be abused through a malicious widget containing the payload in the `gitURL` value or through a MITM attack since the package does not enforce HTTPS. How to fix Command Injection? There is no fixed version for `wizard-syncronizer`.	*

Command Injection

wizard-syncronizer is a wizard syncronizer package.

Affected versions of this package are vulnerable to Command Injection. The package does not validate input on the cloneAndSync function and concatenates this input to an exec call. This can be abused through a malicious widget containing the payload in the gitURL value or through a MITM attack since the package does not enforce HTTPS.

How to fix Command Injection?

There is no fixed version for wizard-syncronizer.

Go back to all versions of this package