CRITICAL 9.8
GHSA-6m4r-m3gc-h4r5
OS Command Injection in install-package
Details
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / install-package
Introduced in:
0 No fixed version published yet for install-package (npm). Pin to a known-safe version or switch to an alternative.