CRITICAL 9.8
GHSA-4xrw-wvmq-8jmh
OS Command Injection in node-key-sender
Details
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / node-key-sender
Introduced in:
0 No fixed version published yet for node-key-sender (npm). Pin to a known-safe version or switch to an alternative.