CVE-2022-25906
CVE-2022-25906 affects the JavaScript package is-http2. The vulnerability is a Command Injection in the isH2-related handling due to missing input sanitization in the module’s code (index.js). Several sources describe that all versions are vulnerable and that using the sandboxed isH2 path does no...