GMS-2020-493: Command Injection in samsung-remote

September 1, 2020 (updated September 24, 2021)

Versions of samsung-remote are vulnerable to command injection. This vulnerability is exploitable if user input is passed into the ip option of the package constructor. Update to or later.

References

github.com/advisories/GHSA-xhjx-mfr6-9rr4
github.com/nodejs/security-wg/blob/master/vuln/npm/465.json
hackerone.com/reports/394294
www.npmjs.com/advisories/734

Detect and mitigate GMS-2020-493 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →