CVE-2022-25906, GHSA-2275-rpf5-xv8h
npm/is-http2
is-http2 vulnerable to Command Injection
All versions of the package is-http2 is vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.
All versions
Unfortunately, there is no solution available yet.
2023-02-03
source |