0.004 Low
EPSS
Percentile
72.8%
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of ‘pomelo-monitor’ params.
github.com/halfblood369/monitor/blob/900b5cadf59edcccac4754e5706a22719925ddb9/lib/processMonitor.js,
nvd.nist.gov/vuln/detail/CVE-2020-7620
snyk.io/vuln/SNYK-JS-POMELOMONITOR-173695