CVE-2022-38545

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in npm/valine

Identifiers

CVE-2022-38545, GHSA-mcvg-g9wx-v5vx

Package Slug

npm/valine

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

Affected Versions

Version 1.4.18

Solution

Upgrade to version 1.5.0 or above.

Last Modified

2022-09-22
