npm-lockfile is vulnerable to OS command injection. An attacker is able to inject malicious OS command to invoke sensitive command execution API.
CPE | Name | Operator | Version |
---|---|---|---|
npm-lockfile | le | 2.0.4 | |
npm-lockfile | le | 1.0.3 | |
npm-lockfile | le | 3.0.2 | |
npm-lockfile | le | 2.0.4 | |
npm-lockfile | le | 1.0.3 | |
npm-lockfile | le | 3.0.2 |