Description
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization.
Remediation
References
https://github.com/balderdashy/enpeem/blob/master/index.js#L114
https://snyk.io/vuln/SNYK-JS-ENPEEM-559007
Related Vulnerabilities
CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar
CVE-2019-10397 Vulnerability in maven package org.jenkins-ci.plugins:aqua-serverless
CVE-2019-19771 Vulnerability in npm package bpi39
CVE-2018-3733 Vulnerability in npm package crud-file-server
CVE-2020-27216 Vulnerability in maven package org.mortbay.jetty:jetty