0.0004 Low
EPSS
Percentile
16.0%
is-http2 is vulnerable to Command Injection. The vulnerability exists in the Promise function of index.js due to missing input sanitization which allows an attacker to inject and execute arbitrary commands into the system.
Promise
index.js
github.com/advisories/GHSA-2275-rpf5-xv8h
github.com/stefanjudis/is-http2/blob/master/index.js#L23
github.com/stefanjudis/is-http2/blob/master/index.js%23L23