Command Injection
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Command Injection via the index.js file. PoC: var a =require"wc-cmd"; a"touch JHU" Note: CVE-2020-28431 has been retracted because it was found to be invalid. Remediation There is no fixed...