Description
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/703415
Related Vulnerabilities
CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab
CVE-2023-2968 Vulnerability in npm package proxy
CVE-2020-19697 Vulnerability in maven package org.webjars.bower:editor.md
CVE-2020-2287 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail
CVE-2022-34662 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common