GHSA-6m4r-m3gc-h4r5CriticalCVSS 9.8

OS Command Injection in install-package

Published
February 10, 2022
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.

🎯 Affected products1

  • npm/install-package:<= 0.4.0

🔗 References (4)