shelljs is vulnerable to information disclosure. The vulnerability exists in ShellJS exec function of exec.js
because the file permissions have not been locked down which allows an attacker to gain access to sensitive information of file system of the running scripts and crash application.
github.com/advisories/GHSA-4rq4-32rv-6wp6
github.com/shelljs/shelljs/blob/master/src/exec.js#L36L38
github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c
github.com/shelljs/shelljs/issues/1058
github.com/shelljs/shelljs/pull/1060
huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c
huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/