Description
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SPRITESHEETJS-1048333
https://github.com/krzysztof-o/spritesheet.js/blob/master/lib/generator.js%23L32
https://www.npmjs.com/package/spritesheet-js
Related Vulnerabilities
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.12
CVE-2022-1233 Vulnerability in npm package urijs
CVE-2020-7637 Vulnerability in npm package class-transformer
CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2023-35839 Vulnerability in maven package org.noear:solon.serialization.hessian