Description
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
Remediation
References
https://github.com/ljharb/npm-lockfile/commit/bfdb84813260f0edbf759f2fde1e8c816c1478b8
https://huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1bea9f1
Related Vulnerabilities
CVE-2022-3510 Vulnerability in maven package com.google.protobuf:protobuf-javalite
CVE-2019-5432 Vulnerability in maven package org.webjars.npm:mqtt-packet
CVE-2023-31544 Vulnerability in maven package org.opencms:opencms-core
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-logparser