Npm-Dependency-Versions Project: >> Npm-Dependency-Versions >> 0.2.0 Security Vulnerabilities
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
CVSS Score
9.8
EPSS Score
0.034
Published
2022-04-12