npm-programmatic up to and including 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
npm-programmatic project npm-programmatic |