Command Injection in command-exists

Versions of command-exists before 1.2.4 are vulnerable to command injection. This is exploitable if user input is provided to this module. Recommendation Update to version 1.2.4 or later...

@mean-expert/fireloop (>=1.0.0-alpha.8 <=1.0.0-beta.2.7), @shoutem/cli (>=0.10.5 <=0.13.5) +88 more potentially affected by unknown CVE via command-exists (>=0.1.1 <=1.2.2)

command-exists NPM version =0.1.1, =1.0.0-alpha.8, =0.10.5, =0.1.0, =1.0.0, =5.0.11, =0.0.8, =0.2.0, =0.0.14, =1.0.0, =0.0.7, =0.0.4, =0.6.1, =1.0.0, =1.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CFF4-RRQ6-H78W...

GHSA-CFF4-RRQ6-H78W Command Injection in command-exists

Versions of command-exists before 1.2.4 are vulnerable to command injection. This is exploitable if user input is provided to this module. Recommendation Update to version 1.2.4 or later...

Command Injection

Overview Versions of command-exists before 1.2.4 are vulnerable to command injection. This is exploitable if user input is provided to this module. Recommendation Update to version 1.2.4 or later. References - HackerOne Report -...

Node.js third-party modules: `command-exists` concatenates unsanitized input into exec()/execSync() commands

I would like to report command injection in command-exists. It allows to inject and execute arbitrary shell commands while trying to determine if a crafted command exists. Module module name: command-exists version: 1.2.2 npm page: https://www.npmjs.com/package/command-exists Module Description...