Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.
Advisories for Npm/Curling package
2021