CVE-2021-23381
CVE-2021-23381 affects all versions of the npm package killing. The root cause is use of child_process.exec without input sanitization, enabling an attacker-controlled input to execute arbitrary commands. Public advisories (GHSA-CQ77-8JPX-892G, OSV entry) describe command injection impacting vers...