CVE-2019-10783: Injection Vulnerability

January 29, 2020 (updated January 31, 2020)

The npm module is vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.

References

nvd.nist.gov/vuln/detail/CVE-2019-10783

Detect and mitigate CVE-2019-10783 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →