CVE-2020-4066

OS Command Injection in npm/limdu

Identifiers

CVE-2020-4066, GHSA-77qv-gh6f-pgh4

Package Slug

npm/limdu

Vulnerability

OS Command Injection

Description

In Limdu, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Affected Versions

All versions before 0.95

Solution

Upgrade to version 0.95 or above.

Last Modified

2020-07-02

source