Description
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/703415
Related Vulnerabilities
CVE-2018-25079 Vulnerability in npm package is-url
CVE-2020-10693 Vulnerability in maven package org.hibernate:hibernate-validator
CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2019-1003067 Vulnerability in maven package org.jenkins-ci.plugins:trac-publisher-plugin
CVE-2016-8745 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core