Improper Neutralization of Special Elements used in a Command ('Command Injection')
Versions of the package global-modules-path before 3.0.0 is vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.