@ronomon/opened is vulnerable to OS command injection. A remote attacker can execute commands on the system because an untrusted input is not filtered and used as part of a string executed as a command by child_process.exec()
.
CPE | Name | Operator | Version |
---|---|---|---|
@ronomon/opened | le | 1.5.1 |