=====================================================================

                             CERT-Renater

                 Note d'Information No. 2022/VULN028
_____________________________________________________________________

DATE                : 2022-01-19

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): System Running  shelljs package

=====================================================================
https://github.com/shelljs/shelljs/security/advisories/GHSA-64g7-mvw6-v9qj
_____________________________________________________________________

Description
Impact
Output from the synchronous version of shell.exec() may be visible to
other users on the same system. You may be affected if you execute
shell.exec() in multi-user Mac, Linux, or WSL environments, or if you
execute shell.exec() as the root user.

Other shelljs functions (including the asynchronous version of
shell.exec()) are not impacted.

Patches
Patched in shelljs 0.8.5

Workarounds
Recommended action is to upgrade to 0.8.5.

References
https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/

For more information
If you have any questions or comments about this advisory:

Ask at #1058
Open an issue at https://github.com/shelljs/shelljs/issues/new


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================