PT-2026-51119
Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...