by micaksica
3605 days ago
I actually looked at the code for 5 minutes. This module is vulnerable to arbitrary code execution simply by having a malicious JavaScript file in a directory or subdirectory underneath where `auto-install` is run, without the user even needing to make a typo due to its design. The documentation currently just says 'avoid typos'. siddharthkp: please give me a way to contact you. See my contact info on my profile.
So their security model is basically the same as with C: "do it perfectly the first time."