EPSS
Percentile
83.8%
closure-compiler-stream is vulnerable to OS command injection. The args options are passed to the exec function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands.
args
exec
github.com/davidrekow/closure-compiler-stream/blob/master/index.js#L110-L111