Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JS-GOOGLECLOUDSTORAGECOMMANDS-1050431
- published 5 Jan 2021
- disclosed 5 Jan 2021
- credit JHU System Security Lab
How to fix?
There is no fixed version for
Affected versions of this package are vulnerable to Command Injection.
var root = require("google-cloudstorage-commands"); root.upload("./","& touch JHU", true);