VDB
KO
CRITICAL 9.8

GHSA-gp2j-mg4w-2rh5

chrome-launcher subject to OS Command Injection

Details

chrome-launcher prior to 0.13.2 is subject to OS Command Injection via the `$HOME` environment variable in Linux operating systems. This issue is patched in version 0.13.2.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / chrome-launcher
Introduced in: 0 Fixed in: 0.13.2
Fix npm install chrome-launcher@0.13.2

References