Advisories for Npm/Tomato package

2020
2014

API admin authentication weakness

The tomato API uses an access key to protect the admin API from unauthorized access. The key passed as a parameter is checked for inclusion in the configured value rather than for equality with it. As a result, a single character contained in the key is sufficient to gain access to the admin API.
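The difference between the two checks, as an added example that is not tomato's own code: the function names, the sample key and the use of `indexOf` to express "included in" are assumptions made for illustration. It runs both checks over the regression cases a fix should cover.

```javascript
const crypto = require('crypto');

// Constructed sample value; not a real key.
const CONFIGURED_KEY = 'k3y-constructed-sample-9f2a';

// Weak check as the advisory describes it (assumed form): succeeds when
// the supplied value occurs anywhere inside the configured key.
function weakKeyCheck(supplied, configured) {
  return configured.indexOf(supplied) !== -1;
}

// Hardened check: exact match only, compared in constant time.
function strictKeyCheck(supplied, configured) {
  if (typeof supplied !== 'string' || supplied.length === 0) return false;
  // Hash both sides so timingSafeEqual receives equal-length buffers and
  // the comparison does not reveal the key length.
  const a = crypto.createHash('sha256').update(supplied, 'utf8').digest();
  const b = crypto.createHash('sha256').update(configured, 'utf8').digest();
  return crypto.timingSafeEqual(a, b);
}

// Regression cases a test suite for the fix should cover.
function runCases(check) {
  const cases = {
    exact: CONFIGURED_KEY,
    singleChar: CONFIGURED_KEY[0],
    prefix: CONFIGURED_KEY.slice(0, 5),
    empty: '',
    superstring: CONFIGURED_KEY + 'x',
  };
  const out = {};
  for (const [name, value] of Object.entries(cases)) {
    out[name] = check(value, CONFIGURED_KEY);
  }
  return out;
}

console.log('weak  ', runCases(weakKeyCheck));
console.log('strict', runCases(strictKeyCheck));
```

The empty-string case matters because an inclusion test also accepts a request that supplies no key value at all.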