GHSA-6m4r-m3gc-h4r5CriticalCVSS 9.8
OS Command Injection in install-package
🔗 CVE IDs covered (1)
📋 Description
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
🎯 Affected products1
- npm/install-package:<= 0.4.0