Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Advisories for Npm/Pennyworth package
2019
2017
Downloads Resources over HTTP
pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.