CVE-2020-7596

CVE-2020-7596 affects the codecov-node npm module and its code path that processes the gcov-args/gcov-root argument. Multiple connected sources confirm that codecov-node prior to 3.6.5 (and originally up to 3.6.2 for the core CVE-2020-7596 fix) allows remote attackers to execute arbitrary command...