CVE-2020-7602
CVE-2020-7602 relates to node-prompt-here up to version 1.0.1 where the runCommand() in linux/manager.js is invoked by getDevices(), which is tied to index.process.env.NM_CLI. The argument to execSync() is constructed unsafely and controllable by users, enabling arbitrary command execution (OS co...