Command Injection
Overview @cyclonedx/cyclonedx-npm is a Create CycloneDX Software Bill of Materials SBOM from NPM projects. Affected versions of this package are vulnerable to Command Injection via the --workspace argument when the environment variable npmexecpath is unset or empty. An attacker can execute...