network-manager is vulnerable to OS command injection. The vulnerability exists as the unsanitized value of index.process.env.NM_CLI
in linux/manager.js
, used by getDevices()
in linux/manager.js
, reaches child_process.execSync()
through runCommand()
.
CPE | Name | Operator | Version |
---|---|---|---|
network-manager | le | 1.0.2 | |
network-manager | le | 1.0.2 |