lifion-verify-deps is vulnerable to OS command injection. An attacker can inject and execute malicious commands through the getLatestVersions
and getLatestTag
functions of index.js
by providing a maliciously crafted dependency name to the package.json