CWE-78

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the ‘_nginxCmd()’ function.

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function.

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the ‘arrParams’ argument in the ‘execute()’ function.