Name of the Vulnerable Software and Affected Versions priest-runner versions (affected versions not specified)

Description The issue concerns a command injection problem where input is not properly sanitized and is directly passed to a spawn call, potentially allowing attackers to execute arbitrary code on the system. The PriestController.prototype.createChild function is specifically vulnerable because the spawn parameters are derived from a POST request body.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.