Hi,
Thanks for developing this great npm package! We found a potential command injection vulnerability in it. The bug is caused by the fact that a package-exported method fails to sanitize the `pkgs` parameter and lets it flow into a sensitive command execution API. Here is the proof of concept.
Please consider fixing it. Thanks!