You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Arbitrary Code Injection
Vulnerable module: growl
Introduced through: truffle@4.1.5
Detailed paths
Introduced through: erc20-tokens@ConsenSys/Tokens#df959c7db75cc5fbb1591775353733958b3ceca1 › truffle@4.1.5 › mocha@3.5.3 › growl@1.9.2
Remediation: Upgrade to truffle@4.1.9.
Overview
growl is a package adding Growl support for Nodejs.
Affected versions of this package are vulnerable to Arbitrary Code Injection due to unsafe use of the eval() function. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload to inject arbitrary commands.
Arbitrary Code Injection vulnerability report
The text was updated successfully, but these errors were encountered:
Arbitrary Code Injection
Vulnerable module: growl
Introduced through: truffle@4.1.5
Detailed paths
Introduced through: erc20-tokens@ConsenSys/Tokens#df959c7db75cc5fbb1591775353733958b3ceca1 › truffle@4.1.5 › mocha@3.5.3 › growl@1.9.2
Remediation: Upgrade to truffle@4.1.9.
Overview
growl is a package adding Growl support for Nodejs.
Affected versions of this package are vulnerable to Arbitrary Code Injection due to unsafe use of the eval() function. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload to inject arbitrary commands.
Arbitrary Code Injection vulnerability report
The text was updated successfully, but these errors were encountered: