Command Injection Vulnerability in Curling.js Library
CVE-2019-10789
9.8CRITICAL
What is CVE-2019-10789?
The Curling.js library is susceptible to command injection through its 'run' function, where the command argument lacks proper sanitization. This flaw allows attackers to manipulate executable commands by injecting malicious input, posing a significant security risk for applications utilizing this library. Developers are advised to implement strict input validation and consider upgrading to secure versions to mitigate potential exploits.
Affected Version(s)
curling.js All versions
