EPSS Percentile: 72.0%
apex-publish-static-files is vulnerable to command injection. The connectionString argument is not sanitized before it is passed to execSync(), which allows a remote attacker to inject arbitrary shell commands through that argument.
github.com/vincentmorneau/apex-publish-static-files/commit/2209af8f2b65c24aa55ab757e0e05b958c16f063
github.com/vincentmorneau/apex-publish-static-files/issues/12
hackerone.com/reports/405694