Arbitrary Code Execution

Affecting tianma-static package, ALL versions

high severity

Overview

tianma-static provides a static file service.

Affected versions of this package are vulnerable to Arbitrary Code Execution via the filename parameter.

Remediation

There is no fix version for tianma-static.


Credit: abdilahrf
CVE: CVE-2018-16474
CWE: CWE-94
Snyk ID: SNYK-JS-TIANMASTATIC-72574
Disclosed: 01 Sep, 2018
Published: 08 Nov, 2018