Arbitrary Command Execution in closure-compiler-stream 0.1.15

Arbitrary Command Execution in closure-compiler-stream 0.1.15

CVE-2020-7603 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.

Learn more about our User Device Pen Test.