PT-2020-9147 · Rpi · Rpi

Published: 2020-02-24 · Updated: 2021-04-13 · CVE-2019-10796

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: rpi versions 0.0.0 through 0.0.3

Description: The issue allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of exec function without any sanitization.

Recommendations: For versions 0.0.0 through 0.0.3, consider disabling the GPIO function within src/lib/gpio.js to prevent exploitation until a proper fix is available. Restrict access to the exec function to minimize the risk of arbitrary command execution. Avoid using the variable pinNumbver in the affected function until the issue is resolved.
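
The general remediation pattern for this class of flaw, as an added example that is not taken from the rpi package: validate the pin as a bounded integer and pass it as its own argument to execFile rather than concatenating it into an exec string. The `gpio` binary name, the mode list and the 0-27 pin range are assumptions made for illustration.

```javascript
// Added illustration; not the rpi package's code. The `gpio` binary name,
// the mode list and the 0-27 pin range are assumptions.
const ALLOWED_MODES = new Set(['in', 'out']);
const MAX_PIN = 27;

// Accept only a canonical decimal integer in range. Reject anything else
// outright instead of trying to strip "bad" characters from it.
function parsePin(value) {
  const text = String(value);
  if (!/^(0|[1-9][0-9]?)$/.test(text)) {
    throw new TypeError('pin must be a decimal integer');
  }
  const pin = Number(text);
  if (pin > MAX_PIN) {
    throw new RangeError(`pin must be between 0 and ${MAX_PIN}`);
  }
  return pin;
}

// Build an argument vector: each element reaches the program as exactly one
// argv entry and is never parsed by a shell.
function buildGpioArgs(pinNumber, mode) {
  if (!ALLOWED_MODES.has(mode)) {
    throw new TypeError('unsupported mode');
  }
  return ['-g', 'mode', String(parsePin(pinNumber)), mode];
}

// execFile starts the binary directly (no /bin/sh), unlike exec(), which
// hands one concatenated string to the shell for interpretation.
async function setPinMode(pinNumber, mode) {
  const args = buildGpioArgs(pinNumber, mode); // throws before any process starts
  const { execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    execFile('gpio', args, { timeout: 2000 }, (err, stdout) =>
      (err ? reject(err) : resolve(stdout)));
  });
}
```
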

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2019-10796
GHSA-VF26-7GJF-F92R
SNYK-JS-RPI-548942

Affected Products

Rpi