EPSS
Percentile
65.2%
sonar-wrapper is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the run function allowing an attacker to inject maliciously crafted command into the system.
run
github.com/llooiicc/sonar-wrapper/blob/master/lib/sonarRunner.js#L18