Description
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/701183
Related Vulnerabilities
CVE-2022-0512 Vulnerability in npm package url-parse
CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2020-19697 Vulnerability in npm package editor.md
CVE-2017-4947 Vulnerability in maven package com.vmware.xenon:xenon-common
CVE-2020-36183 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind