Patrik Henningsson

1 exploit Active since Mar 2021
CVE-2021-23352 WRITEUP HIGH WRITEUP
madge < 4.0.1 - OS Command Injection via GraphViz Path Parameter
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
CVSS 8.6