Arbitrary Command Execution Vulnerability in Growl (before 1.10.2)

Arbitrary Command Execution Vulnerability in Growl (before 1.10.2)

CVE-2017-16042 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

Learn more about our Web Application Penetration Testing UK.