addax prior to 1.1.0 are vulnerable to Command Injection. The package does not validate user input on the
presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary commands in the system.
Upgrade to version 1.1.0 or later.