Vulnerabilities

CVE-2021-23352

by Fred · 09/03/2021

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Date published : 2021-03-09

https://github.com/pahen/madge/blob/master/lib/graph.js%23L27

https://github.com/pahen/madge/commit/da5cbc9ab30372d687fa7c324b22af7ffa5c6332

Similar

Tags: Cybersecurity Alert