CVE-2023-42282, GHSA-78xj-cgh5-2h22
npm/ip
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.
All versions up to 1.1.8
Upgrade to version 2.0.0 or above.
2024-02-12
source |