CVE-2019-10789

Name of the Vulnerable Software and Affected Versions curling.js versions prior to 1.1.0 curling versions prior to 1.1.0

Description The issue concerns Command Injection via the run function, where the command argument can be controlled by users without any sanitization. This allows for potential exploitation.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the run function until a patch is available. Restrict access to the command argument in the affected API endpoint to minimize the risk of exploitation.