Affected script: "install-scripts:postinstall"
The script uses the "exec" function to execute system commands. This function can potentially be a serious security risk if it is used to execute commands that an attacker has any control over. In this script, the exec function is used to download and execute a shell script from the internet ("https://sh.rustup.rs"). This is a security vulnerability, as it can allow for remote code execution if the URL is compromised.
Secondly, this script manipulates command-line arguments using the "features" variable, which, if not carefully sanitized, can lead to injection attacks.
Lastly, this script publicly changes the PATH environment variable to include the ".cargo" directory in the home directory, which can be catastrophic if an attacker manages to put a malicious executable in there.
wasm-grate's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|