Candidate: CVE-2016-10541
PublicDate: 2018-05-31 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10541
 https://nodesecurity.io/advisories/117
Description:
 The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">"
 and "<" operator used for redirection in shell. Applications that depend on
 shell-quote may also be vulnerable. A malicious user could perform code
 injection.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_node-shell-quote:
upstream_node-shell-quote: needs-triage
precise/esm_node-shell-quote: DNE
trusty_node-shell-quote: DNE
trusty/esm_node-shell-quote: DNE
xenial_node-shell-quote: DNE
artful_node-shell-quote: ignored (reached end-of-life)
bionic_node-shell-quote: not-affected
cosmic_node-shell-quote: not-affected
devel_node-shell-quote: not-affected