CVE-2019-10804
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.
:id: Reads the machine's serial number (a.k.a. service/asset tag) or Amazon EC2 instance-id
GitHub