OS Command Injection
windows-cpu is vulnerable to command injection resulting in code execution as Node.js user
Advisories for Npm/Windows-Cpu package
2017
Command Execution
The findLoad method passes a provided string directly to the shell, allowing arbitrary command execution.