VDB
KO
CRITICAL 9.8

GHSA-c5hm-xc74-pqrg

OS Command Injection in jscover

Details

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / jscover
Introduced in: 0

No fixed version published yet for jscover (npm). Pin to a known-safe version or switch to an alternative.

References