Security Vulnerability: Local Code/OS Command Execution in Commander.js parse() Method
adominguezepiuse opened this issue
adominguezepiuse commented
Description
John Gee commented
Thanks for the contact, but please see https://github.com/tj/commander.js/blob/master/SECURITY.md#reporting-a-vulnerability for responsibly reporting a security vulnerability.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
John Gee commented
This issue was responsibly reported by the Checkmarx Application Security Research Team. It was fixed in v2.20.3 (#1074) and v3.0.2 (#1056).
The Checkmarx vulnerability library lists this as: https://devhub.checkmarx.com/cve-details/Cx435a6fda-ca38/