GHSA-3c6g-pvg8-gqw2, CVE-2020-7712
maven/org.webjars.npm/json
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
All versions up to 9.0.6
Unfortunately, there is no solution available yet.
2023-01-27
source |