View all vulnerabilities

CVE-2017-16042

Growl before 1.10.0 vulnerable to Command Injection

Description

Affected versions of `growl` do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution. ## Recommendation Update to version 1.10.0 or later.
Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
9.8
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
growl < 1.10.0
Severity
Critical
Critical
Critical
Ecosystem
JavaScript
Publish Date
June 8, 2018
Modified Date
November 7, 2023