Description
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.
Remediation
References
https://github.com/node-modules/jscover/blob/master/lib/jscover.js#L59%2C
https://snyk.io/vuln/SNYK-JS-JSCOVER-564250
Related Vulnerabilities
CVE-2022-35915 Vulnerability in npm package openzeppelin-solidity
CVE-2020-4035 Vulnerability in npm package @nozbe/watermelondb
CVE-2016-10540 Vulnerability in npm package minimatch
CVE-2021-32824 Vulnerability in maven package org.apache.dubbo:dubbo-common
CVE-2020-14340 Vulnerability in maven package org.jboss.xnio:xnio-nio