Arbitrary Command Execution in closure-compiler-stream 0.1.15
CVE-2020-7603 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.
Learn more about our User Device Pen Test.