QwikSec

Security Database

CVE

CWE

Training

CVE-2021-34083

Published: Jun 1, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://advisory.checkmarx.net/advisory/CX-2021-4777

x_refsource_MISC

https://github.com/PatNeedham/google-it/blob/v1.6.2/lib/googleIt.js#L59

x_refsource_MISC

https://github.com/PatNeedham/google-it/blob/v1.6.2/src/googleIt.js#L34

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.