Command Injection
Overview alfred-workflow-nodejs is an Alfred workflow nodejs module Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the key values. PoC var AlfredNode = require'alfred-workflow-nodejs'; var util...