VDB
KO
CRITICAL 9.8

GHSA-pf8j-vhg8-xmc3

karma-mojo enables OS Command Injection

Details

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / karma-mojo
Introduced in: 0

No fixed version published yet for karma-mojo (npm). Pin to a known-safe version or switch to an alternative.

References