CVE-2019-10789

Published February 6th, 2020

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

HIGH

Affected

PROJECT

Description

All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.

hgarcia/curling

A node wrapper for curl with a very simple api.

GitHub