CVE-2022-21191

global-modules-path Command Injection vulnerability in npm/global-modules-path

Identifiers

GHSA-vvj3-85vf-fgmw, CVE-2022-21191

Package Slug

npm/global-modules-path

Vulnerability

global-modules-path Command Injection vulnerability

Description

Versions of the package global-modules-path before 3.0.0 is vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

Affected Versions

All versions before 3.0.0

Solution

Upgrade to version 3.0.0 or above.

Last Modified

2023-01-16

source