3 matches found
p4 vulnerable to Command Injection due to improper input sanitization
The package p4 before 0.0.7 is vulnerable to Command Injection via the run function due to improper input sanitization...
GHSA-JFM8-HWHG-R6GG p4 vulnerable to Command Injection due to improper input sanitization
The package p4 before 0.0.7 is vulnerable to Command Injection via the run function due to improper input sanitization...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the run function due to improper input sanitization.
PoC (javascript): var root = require("p4"); root.run("& touch JHU","",function
Remediation: Upgrade p4 to version 0.0.7 or higher.
References - GitHub Commit - Vulnerable...