Description
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/701183
Related Vulnerabilities
CVE-2018-14042 Vulnerability in npm package bootstrap-sass
CVE-2022-45395 Vulnerability in maven package com.thalesgroup.jenkins-ci.plugins:cccc
CVE-2016-4467 Vulnerability in maven package org.apache.qpid:proton-project
CVE-2017-16066 Vulnerability in npm package opencv.js
CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership