CVE-2022-25906

is-http2 vulnerable to Command Injection in npm/is-http2

Identifiers

CVE-2022-25906, GHSA-2275-rpf5-xv8h

Package Slug

npm/is-http2

Vulnerability

is-http2 vulnerable to Command Injection

Description

All versions of the package is-http2 is vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.

Affected Versions

All versions

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-02-03

source