Description
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123
Related Vulnerabilities
CVE-2023-32315 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2023-40814 Vulnerability in maven package org.opencrx:opencrx-core-models
CVE-2022-0748 Vulnerability in npm package post-loader
CVE-2020-8116 Vulnerability in maven package org.webjars.npm:dot-prop
CVE-2022-41713 Vulnerability in npm package deep-object-diff