CVE-2020-7646

Name of the Vulnerable Software and Affected Versions curlrequest versions 1.0.0 through 1.0.1

Description The issue allows for the execution of arbitrary commands by injecting commands using a semicolon character in any of the options values. This can enable a remote attacker to execute arbitrary commands. The vulnerability is related to the failure to neutralize special elements used in the operating system command.

Recommendations For versions 1.0.0 through 1.0.1, consider disabling the use of the options values until a patch is available to prevent command injection. As a temporary workaround, restrict the use of semicolon characters in the options values to minimize the risk of exploitation. Avoid using user input to populate the file parameter to prevent reading arbitrary files.