utcp-cli@1.0.2

UTCP communication protocol plugin for wrapping local command-line tools.

  • latest version

    1.1.3

  • latest non vulnerable version

  • first published

    9 months ago

  • latest version published

    23 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the utcp-cli package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable version range
    • High severity: Exposure of Sensitive Information Through Environmental Variables

    utcp-cli is a UTCP communication protocol plugin for wrapping local command-line tools.

    Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the _prepare_environment function. An attacker can access and exfiltrate sensitive environment variables by injecting malicious commands into subprocess calls.

    How to fix Exposure of Sensitive Information Through Environmental Variables?

    Upgrade utcp-cli to version 1.1.2 or higher.

    Vulnerable version range: [,1.1.2)
    • Critical severity: Command Injection

    utcp-cli is a UTCP communication protocol plugin for wrapping local command-line tools.

    Affected versions of this package are vulnerable to Command Injection via the _substitute_utcp_args function. An attacker can execute arbitrary shell commands by supplying crafted input to the tool_args parameter, which is inserted directly into shell command strings without sanitization or escaping.

    How to fix Command Injection?

    Upgrade utcp-cli to version 1.1.2 or higher.

    Vulnerable version range: [,1.1.2)
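A hardened pattern for the two weaknesses described above (argument substitution into shell command strings, and a subprocess environment that leaks the parent's variables), as an added illustration that is not utcp-cli's own code: the `UTCP_ARG_<name>` placeholder syntax and the function names are assumptions chosen to mirror the advisory wording. Arguments are substituted per shlex token and passed to subprocess as an argv list with no shell, and the child environment is built from an allowlist instead of inheriting `os.environ`.

```python
import os
import re
import shlex
import subprocess
from typing import Dict, List, Mapping, Optional, Sequence

# Assumed placeholder syntax (not utcp-cli's): "UTCP_ARG_<name>" inside a token.
PLACEHOLDER = re.compile(r"UTCP_ARG_(\w+)")


def substitute_args(command_template: str, tool_args: Mapping[str, object]) -> List[str]:
    """Tokenize the template with shlex, then substitute placeholders inside each
    token. Because the result is an argv list that is never re-parsed by a shell,
    metacharacters in a value (';', '|', '$(...)') stay a literal part of one
    argument instead of becoming extra commands."""
    def fill(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in tool_args:
            raise KeyError(f"missing tool argument: {name}")
        return str(tool_args[name])

    return [PLACEHOLDER.sub(fill, token) for token in shlex.split(command_template)]


def prepare_environment(allowed: Sequence[str],
                        extra: Optional[Mapping[str, str]] = None,
                        source: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
    """Build the child's environment from an explicit allowlist so credentials
    and tokens in the parent's environment are not visible to the wrapped tool.
    `source` defaults to os.environ; tests can pass a constructed mapping."""
    origin = os.environ if source is None else source
    env = {key: origin[key] for key in allowed if key in origin}
    env.update(extra or {})
    return env


def run_tool(command_template: str, tool_args: Mapping[str, object],
             allowed_env: Sequence[str] = ("PATH", "LANG")) -> subprocess.CompletedProcess:
    """Run the wrapped tool with shell=False (the default for a list argv)."""
    argv = substitute_args(command_template, tool_args)
    return subprocess.run(argv, env=prepare_environment(allowed_env),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed input: the 'query' value carries shell metacharacters.
    argv = substitute_args("grep -n UTCP_ARG_query UTCP_ARG_path",
                           {"query": "foo; id", "path": "/tmp/example.txt"})
    print(argv)  # 'foo; id' remains a single argv element
```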