Description
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. Arbitrary commands can be injected as part of the arguments provided to blamer.
Remediation
References
https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c
https://snyk.io/vuln/SNYK-JS-BLAMER-559541