Affected script: "install-scripts:postinstall"
The code is dangerous because it uses the exec() function, which allows arbitrary command execution. The script downloads and executes a remote script (the Rustup install script) via an unprotected HTTP request, which is a significant security risk: an attacker could intercept the request and supply a malicious script instead. Moreover, arbitrary command execution is generally a high-risk vulnerability because of potential code injection attacks. An attacker could manipulate the PATH or features variable to execute any command of their choice, and the payload could be constructed to execute harmful commands, creating a serious security vulnerability.
wasm-grate's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

| Name | Version | Size | License | Type | Vulnerabilities |
|---|---|---|---|---|---|