CVE-2022-38545, GHSA-mcvg-g9wx-v5vx
npm/valine
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
Version 1.4.18
Upgrade to version 1.5.0 or above.
2022-09-22
source |