QID 995307
Date Published: 2023-09-21
QID 995307: NodeJs (Npm) Security Update for @frangoteam/fuxa (GHSA-r87q-fq37-pvr6)
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-r87q-fq37-pvr6 for updates and patch information.
Vendor References
- GHSA-r87q-fq37-pvr6 -
github.com/advisories/GHSA-r87q-fq37-pvr6
CVEs related to QID 995307
Software Advisories
| Advisory ID | Software | Component | Link |
|---|