electerm: electerm_install_script_CommandInjection Vulnerability Report
What kind of vulnerability is it? Who is impacted? Two Command Injection vulnerabilities in electerm: macOS Installer (electerm_CommandInjection_02): A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name directly into an exec("open …") command without validation. Linux Installer (electerm_CommandInjection_01): A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-controlled remote version strings directly into an exec("rm -rf …") command without validation. Who is impacted: …