OS Command Injection on Node.JS Jison module
Finding OS Command Injection vulnerability which allows arbitrary shell command execution through a crafted command-line argument on Jison in parser ports began when I started receiving lots of invites over Hackerone. An injection vulnerability manifests when application code sends untrusted user input to an interpreter as…
Jump into →