Arbitrary Code Execution
Affecting nuclide package, versions <0.290.0
nuclide is a collection of features for Atom to provide IDE-like functionality for a variety of programming languages and technologies.
Affected versions of this package are vulnerable to Arbitrary Code Execution.
hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution.
nuclide to version 0.290.0 or higher.