Description
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953
Related Vulnerabilities
CVE-2020-28500 Vulnerability in maven package org.webjars:lodash
CVE-2020-7707 Vulnerability in npm package property-expr
CVE-2023-29525 Vulnerability in maven package org.xwiki.platform:xwiki-platform-distribution-war
CVE-2020-8124 Vulnerability in npm package url-parse
CVE-2022-33891 Vulnerability in maven package org.apache.spark:spark-core_2.13