CVE-2020-7632

node-mpv (Node.js wrapper for mpv) up to version 1.4.3 is vulnerable to a Command Injection due to unsanitized control of the options argument. The root cause is that the options object can be crafted by an attacker to execute arbitrary commands, with network access and no user interaction requir...