CVE-2020-7794
CVE-2020-7794 affects all versions of the buns package. The injection point is in lib/index.js:678 inside the exported function install(requestedModule). This enables command injection via crafted input; PoC and advisory details indicate insecure use of exec leading to arbitrary code execution. T...