Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the info method due to improper input sanitization. PoC js const smartctl = require'smartctl'; smartctl.info';touch EXPLOITED;', function; Remediation There is no fixed version for smartctl. References - Vulnerable...