Madge Project: Security Vulnerabilities
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
CVSS Score
8.6
EPSS Score
0.006
Published
2021-03-09