network-manager up to and including 1.0.2 allows remote malicious users to execute arbitrary commands via the "execSync()" argument.
network-manager project network-manager