Command Injection in addax
Versions of addax are vulnerable to Command Injection. The package does not validate user input on the presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary commands in the system. Upgrade to or later.