Description
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.
Remediation
References
https://github.com/amireh/karma-mojo/blob/master/index.js#L100%2C
https://snyk.io/vuln/SNYK-JS-KARMAMOJO-564260
Related Vulnerabilities
CVE-2020-28487 Vulnerability in npm package vis-timeline
CVE-2022-25857 Vulnerability in maven package org.yaml:snakeyaml
CVE-2023-33695 Vulnerability in maven package cn.hutool:hutool-core
CVE-2021-40822 Vulnerability in maven package org.geoserver:gs-main
CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job-core