Vulnerabilities > Node Openssl Project

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-49210 Command Injection vulnerability in Node-Openssl Project Node-Openssl 1.0.2
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution).
network
low complexity
node-openssl-project CWE-77
critical
9.8
2018-06-07 CVE-2017-16064 Information Exposure vulnerability in Node-Openssl Project Node-Openssl
node-openssl was a malicious module published with the intent to hijack environment variables.
network
low complexity
node-openssl-project CWE-200
5.0