Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| growl_project | growl | * |