Command Injection Vulnerability in is-http2 Package

Command Injection Vulnerability in is-http2 Package

CVE-2022-25906 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.

Learn more about our Web Application Penetration Testing UK.