Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in flatmap-stream.
Advisories for Npm/Flatmap-Stream package
2020
2018
Critical severity vulnerability that affects event-stream and flatmap-stream
The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in version 3.3.6. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4, or upgrade to the latest 4.x version. Users of flatmap-stream are encouraged to remove the dependency entirely.
Malicious package
The flatmap-stream package is malicious.