Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. PoC javascript var root = require"is-http2" root"./",openssl:"touch JHU" Remediation There is no fixed version for...