Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Versions of the package exec-local-bin before 1.2.0 is vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.