{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2016-10541","assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","datePublished":"2018-05-31T20:00:00.000Z","dateUpdated":"2024-09-17T03:18:50.154Z","dateReserved":"2017-10-29T00:00:00.000Z"},"containers":{"cna":{"datePublic":"2018-04-26T00:00:00.000Z","providerMetadata":{"orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone","dateUpdated":"2022-11-22T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"The npm module \"shell-quote\" 1.6.0 and earlier cannot correctly escape \">\" and \"<\" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection."}],"affected":[{"vendor":"HackerOne","product":"shell-quote node module","versions":[{"version":"<=1.6.0","status":"affected"}]}],"references":[{"url":"https://nodesecurity.io/advisories/117"},{"url":"https://github.com/advisories/GHSA-qg8p-v9q4-gh34"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"OS Command Injection (CWE-78)","cweId":"CWE-78"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T03:21:52.153Z"},"title":"CVE Program Container","references":[{"url":"https://nodesecurity.io/advisories/117","tags":["x_transferred"]},{"url":"https://github.com/advisories/GHSA-qg8p-v9q4-gh34","tags":["x_transferred"]}]}]}}