EPSS
Percentile
93.7%
node-mpv is vulnerable to remote code execution (RCE). The vulnerability exists because the parameter options was not sanitized properly, allowing to be controlled by the attacker by sending malicious code to execute.
options
github.com/j-holub/Node-MPV/blob/master/lib/util.js#L34