CVE-2021-23378
The CVE-2021-23378 issue affects all versions of the picotts package. The root cause is unsanitized attacker-controlled input in the say function, which allows execution of arbitrary commands via child_process.exec. Multiple sources (NVD, OSV, GHSA, CVE list) confirm a command-injection vulnerabi...