EPSS
Percentile
83.8%
gulp-tape is susceptible to remote code execution (RCE). The vulnerability exists as the flush function accepts the tapeProcess argument directly from the input using tapeBinaryFilepath without any sanitization.
flush
tapeProcess
tapeBinaryFilepath
github.com/yuanqing/gulp-tape/blob/master/index.js#L38