Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for alfred-workflow-nodejs
.
alfred-workflow-nodejs is an Alfred workflow nodejs module
Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the key values.
var AlfredNode = require('alfred-workflow-nodejs'); var utils = AlfredNode.utils;
utils.wfVars.remove(' "; whoami>hacked #', false);