0.002 Low
EPSS
Percentile
61.8%
npm-help is vulnerable to command injection. The vulnerability exists in the export.latestVersion function in index.js which allows an attacker to inject and execute malicious commands.
export.latestVersion
index.js
github.com/advisories/GHSA-cffc-m953-rpr2
security.netapp.com/advisory/ntap-20220901-0012/