Description
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.
Remediation
References
https://github.com/node-modules/jscover/blob/master/lib/jscover.js#L59%2C
https://snyk.io/vuln/SNYK-JS-JSCOVER-564250
Related Vulnerabilities
CVE-2022-23505 Vulnerability in npm package passport-wsfed-saml2
CVE-2022-33891 Vulnerability in maven package org.apache.spark:spark-core_2.12
CVE-2020-7631 Vulnerability in npm package diskusage-ng
CVE-2015-3253 Vulnerability in maven package org.codehaus.groovy:groovy-all
CVE-2022-29648 Vulnerability in maven package com.jflyfox:jflyfox_jfinal