What the vulnerability does

01Description

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.

Key dates

02Disclosure timeline

May 15, 2020 CVE published
August 4, 2024 Record updated