Node.js third-party modules: [extra-ffmpeg] Command Injection via insecure command formatting

I would like to report a Command Injection issue in the extra-ffmpeg module. It allows to execute arbitrary commands on the victim's PC. Module module name: extra-ffmpeg version: 4.0.3 npm page: https://www.npmjs.com/package/extra-ffmpeg Module Description Decode, encode, transcode, mux, demux,...