Improper Neutralization of Special Elements used in a Command ('Command Injection')
All versions of the package create-choo-app3 is vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
Advisories for Npm/Create-Choo-App3 package
2023