CVE-2017-16042: nodejs-growl: Does not properly sanitize input before passing it to exec

Severity: Critical

CVSS Score: 9.8

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.