Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated malicious user to execute arbitrary NodeJS code.
druva insync 6.5.0