CRITICAL 9.8
GHSA-pf8j-vhg8-xmc3
karma-mojo enables OS Command Injection
Details
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / karma-mojo
Introduced in:
0 No fixed version published yet for karma-mojo (npm). Pin to a known-safe version or switch to an alternative.