Candidate: CVE-2017-16042
PublicDate: 2018-06-04 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16042
 https://github.com/tj/node-growl/pull/61
 https://nodesecurity.io/advisories/146
 https://github.com/tj/node-growl/issues/60
Description:
 Growl adds growl notification support to nodejs. Growl before 1.10.2 does
 not properly sanitize input before passing it to exec, allowing for
 arbitrary command execution.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900868
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_node-growl:
upstream_node-growl: released (1.10.2)
precise/esm_node-growl: DNE
trusty_node-growl: ignored (reached end-of-life)
trusty/esm_node-growl: DNE (trusty was needed)
xenial_node-growl: ignored (end of standard support, was needed)
artful_node-growl: ignored (reached end-of-life)
bionic_node-growl: needed
cosmic_node-growl: not-affected (1.10.5-2)
disco_node-growl: not-affected (1.10.5-2)
eoan_node-growl: not-affected (1.10.5-2)
focal_node-growl: not-affected (1.10.5-2)
groovy_node-growl: not-affected (1.10.5-2)
hirsute_node-growl: not-affected (1.10.5-2)
impish_node-growl: not-affected (1.10.5-2)
jammy_node-growl: not-affected (1.10.5-2)
devel_node-growl: not-affected (1.10.5-2)