Description
The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955
https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890
Related Vulnerabilities
CVE-2022-31367 Vulnerability in npm package @strapi/strapi
CVE-2023-28154 Vulnerability in maven package org.webjars.npm:webpack
CVE-2023-34092 Vulnerability in maven package org.webjars.npm:vite
CVE-2021-32851 Vulnerability in npm package mind-elixir
CVE-2020-23811 Vulnerability in maven package com.xuxueli:xxl-job