Описание
Command Injection in create-choo-electron
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
Пакеты
Наименование
create-choo-electron
npm
Затронутые версииВерсия исправления
<= 2.0.0
Отсутствует
Связанные уязвимости
CVSS3: 7.4
nvd
около 3 лет назад
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.