Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
References
Link | Resource |
---|---|
https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173 | Patch Third Party Advisory |
https://github.com/bruno-robert/window-control/releases/tag/v1.4.5 | Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-01-04T17:01:54.603Z
Updated:
Reserved: 2022-02-24T11:58:23.964Z
Link: CVE-2022-25926
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-04T18:15:09.027
Modified: 2023-11-07T03:44:53.220
Link: CVE-2022-25926
JSON object: View
Redhat Information
No data.
CWE