Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| growl(npm) | 0 | 1.10.0 | N/A |
CVSS Metrics
