GHSA-G4HJ-R7R3-9RWV OS Command Injection in gulp-scss-lint

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...

Vulnerability of the `exec` function in the gulp-scss-lint package from the NPM package manager, allowing attackers to execute arbitrary commands.

The vulnerability of the exec function in the src/command.js file of the gulp-scss-lint package exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...