CVE-2021-41088

Exposure of Resource to Wrong Sphere in npm/elvish

Identifier

CVE-2021-41088

Package Slug

npm/elvish

Vulnerability

Exposure of Resource to Wrong Sphere

Description

Elvish is a programming language and interactive shell, combined into one package. Elvish's web UI backend (started by elvish -web) hosts an endpoint that allows executing the code sent from the web UI.

Affected Versions

All versions before 0.14.0

Solution

Upgrade to version 1.0.0 or above.

Last Modified

2021-10-10

source