Description
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/701183
Related Vulnerabilities
CVE-2020-14340 Vulnerability in maven package org.jboss.xnio:xnio-api
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12
CVE-2015-5253 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-sso-saml
CVE-2020-6506 Vulnerability in npm package react-native-webview
CVE-2022-24289 Vulnerability in maven package org.apache.cayenne:cayenne-server