Description
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/701183
Related Vulnerabilities
CVE-2018-18853 Vulnerability in maven package io.spray:spray-json
CVE-2018-18531 Vulnerability in maven package com.github.penggle:kaptcha
CVE-2022-24785 Vulnerability in maven package org.webjars.bower:moment
CVE-2022-25875 Vulnerability in npm package svelte
CVE-2023-6886 Vulnerability in maven package com.xnx3.wangmarket:wangmarket