VDB
KO
CRITICAL 9.8

GHSA-6m4r-m3gc-h4r5

OS Command Injection in install-package

Details

install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / install-package
Introduced in: 0

No fixed version published yet for install-package (npm). Pin to a known-safe version or switch to an alternative.

References