Affected script: "install-scripts:postinstall"
The script contains a command execution vulnerability. The code uses the "child_process" module's "exec" function to execute shell commands. This could allow an attacker to execute arbitrary commands remotely from within the application because the function's parameter is a string of command line instructions instead of specific command arguments.
Furthermore, the script attempts to download and execute Rust toolchain from a URL via a curl command. If an attacker manages to substitute the URL with a malicious one, it could lead to the download and execution of arbitrary malicious code.
wasm-grate
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|