CVE-2019-25158
CVE-2019-25158 affects pedroetb tts-api up to version 2.1.4. The vulnerability is in the onSpeechDone function of app.js, enabling OS command injection. A fix is available in version 2.2.0, with the patch identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. Upgrading to 2.2.0 is recommended to...