Description
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.
Remediation
References
https://snyk.io/vuln/SNYK-JS-JSCOVER-564250
https://github.com/node-modules/jscover/blob/master/lib/jscover.js#L59%2C
Related Vulnerabilities
CVE-2020-28448 Vulnerability in npm package multi-ini
CVE-2017-1000386 Vulnerability in maven package org.biouno:uno-choice
CVE-2022-31170 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2022-31192 Vulnerability in maven package org.dspace:dspace-jspui
CVE-2018-1000620 Vulnerability in maven package org.webjars.npm:cryptiles