RSS   Vulnerabilities for 'Madge'   RSS

2021-03-09
 
CVE-2021-23352

CWE-89
 

 
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

 


Copyright 2024, cxsecurity.com

 

Back to Top