Command Injection in global-modules-path getPath function

Command Injection in global-modules-path getPath function

CVE-2022-21191 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

Learn more about our Web Application Penetration Testing UK.