Description
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-CREATECHOOAPP3-3157951
Related Vulnerabilities
CVE-2017-16178 Vulnerability in npm package intsol-package
CVE-2020-16024 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-13797 Vulnerability in npm package macaddress
CVE-2020-28445 Vulnerability in npm package npm-help
CVE-2022-1245 Vulnerability in maven package org.keycloak:keycloak-services