All versions of
soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the
/api/service/status API endpoint, passing contents of the
service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system.
No fix is currently available. Consider using an alternative module until a fix is made available.