thenify is a Promisify a callback-based function using any-promise. Affected versions of this package are vulnerable to Arbitrary Code Execution. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval
This article has been indexed from LinuxSecurity.com – Hybrid RSS
Read the original article: