CVE-2020-7789

OS Command Injection in node-notifier

Description

This affects the package node-notifier before 8.0.1. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

JavaScript

Publish Date

December 21, 2020

Modified Date

January 14, 2025

Score Vector

Affected Versions