Command Injection Vulnerability in is-http2 Package
CVE-2022-25906 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.
Learn more about our Web Application Penetration Testing UK.