CVE-2016-10592: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 18, 2019 (updated January 8, 2021)

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

References

github.com/advisories/GHSA-5w4p-h4gm-3w26
github.com/jser/stat-js/blob/master/data/url-mapping.js
nodesecurity.io/advisories/188
nvd.nist.gov/vuln/detail/CVE-2016-10592
www.npmjs.com/advisories/188

Detect and mitigate CVE-2016-10592 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →