helixlife 网站后台命令行工具
A remote authorization response can reach shell execution during an explicit login. No install-time execution or agent-control-surface mutation is present.
`cli/dist/core/auth/index.js` interpolates server-returned `link_url` into `exec()` shell commands.
cli/dist/core/auth/index.jsView on unpkg`auth login` invokes `openBrowser()` by default after fetching the authorization URL.
package.jsonView on unpkgShell metacharacters in a malicious authorization URL can escape the surrounding quotes and execute commands.
package.jsonView on unpkg`cli/dist/core/auth/index.js` interpolates server-returned `link_url` into `exec()` shell commands.
cli/dist/core/auth/index.jsView on unpkg`auth login` invokes `openBrowser()` by default after fetching the authorization URL.
package.jsonView on unpkg · L15Shell metacharacters in a malicious authorization URL can escape the surrounding quotes and execute commands.
package.jsonView on unpkg · L15