npm-dependency-versions is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the API endpoint via the dependencyVersions()
function.
CPE | Name | Operator | Version |
---|---|---|---|
npm-dependency-versions | le | 0.3.0 | |
npm-dependency-versions | le | 0.3.0 |