CRITICAL 9.8
GHSA-m8xj-5v73-3hh8
curlrequest allows execution of arbitrary commands
Details
curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the `options` values.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / curlrequest
Introduced in:
0 No fixed version published yet for curlrequest (npm). Pin to a known-safe version or switch to an alternative.