CVE-2020-28443

CVE-2020-28443 affects all versions of the Node package sonar-wrapper, with the injection point in lib/sonarRunner.js. The vulnerability is a Command Injection flaw, allowing crafted input to be injected into system commands (high impact: CVSS 3.1 base score 9.8). Connected sources confirm the vu...