Your submission was sent successfully! Close

CVE-2016-10541

Published: 31 May 2018

The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
node-shell-quote
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable

cosmic Not vulnerable

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist