Description
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
Remediation
References
https://hackerone.com/reports/701183
Related Vulnerabilities
CVE-2018-7560 Vulnerability in npm package aws-lambda-multipart-parser
CVE-2023-49210 Vulnerability in npm package openssl
CVE-2017-12629 Vulnerability in maven package org.apache.solr:solr-core
CVE-2022-25893 Vulnerability in npm package vm2
CVE-2023-31417 Vulnerability in maven package org.elasticsearch:elasticsearch