Security Vulnerability: Local Code/OS Command Execution in Commander.js parse() Method

Question

adominguezepiuse opened this issue 5 months ago · comments

Description

John Gee · Answer 1 · Tue Dec 19 2023 02:46:03 GMT+0800 (China Standard Time)

Thanks for the contact, but please see https://github.com/tj/commander.js/blob/master/SECURITY.md#reporting-a-vulnerability for responsibly reporting a security vulnerability.

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

John Gee · Answer 2 · Fri Feb 16 2024 09:37:23 GMT+0800 (China Standard Time)

This issue was responsibly reported by the Checkmarx Application Security Research Team. It was fixed in v2.20.3 (#1074) and v3.0.2(#1056).