Potential Command Injection

Module: printer

Published: March 6th, 2014

Reported by: Adam Baldwin

CVE-2014-3741

CWE-

Vulnerable: <= 0.0.1
Patched: > 0.0.1

Overview

printer does not sanitize command arguments properly in the printDirect() function. If untrusted client input is passed in, command injection is possible.

Special thanks to Wes Cruver for providing a pull request!

Remediation
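
The general shape of this bug class and its fix, as an added example: this is not the printer module's source or its actual patch. The function names, the printer-name allowlist and the sample values are assumptions; `lp -d` and `--` are standard CUPS `lp` usage.

```javascript
// Added illustration; NOT the printer module's code or its patch.
// buildShellString, buildArgv, printSafe and the sample values are hypothetical.
const { execFile } = require('child_process');

// Constructed sample of untrusted client input.
const SAMPLE_PRINTER = 'office; echo INJECTED';

// Vulnerable pattern: untrusted values are concatenated into a single string
// that a shell will parse, so characters such as ; | & $ ` become syntax.
function buildShellString(printerName, filePath) {
  return 'lp -d ' + printerName + ' ' + filePath;
}

// Hardened pattern, step 1: allowlist the destination name (assumed policy:
// letters, digits, underscore, dot and dash, not starting with dot or dash).
const PRINTER_NAME = /^[A-Za-z0-9_][A-Za-z0-9_.-]{0,126}$/;

// Hardened pattern, step 2: build an argv array instead of a command string.
function buildArgv(printerName, filePath) {
  if (typeof printerName !== 'string' || !PRINTER_NAME.test(printerName)) {
    throw new TypeError('invalid printer name');
  }
  if (typeof filePath !== 'string' || filePath.length === 0 ||
      filePath.includes('\0')) {
    throw new TypeError('invalid file path');
  }
  // "--" ends option parsing, so a path starting with "-" is not read as a flag.
  return ['-d', printerName, '--', filePath];
}

// execFile() hands each argv entry to the program as-is; no shell is involved,
// so spaces and metacharacters inside an entry stay data.
function printSafe(printerName, filePath, callback) {
  execFile('lp', buildArgv(printerName, filePath), callback);
}
```

With the constructed input above, `buildShellString` yields a string containing a second shell command, while `buildArgv` rejects the same value before any process is started.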

References
