Description
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument.
Remediation
References
https://github.com/amireh/karma-mojo/blob/master/index.js#L100%2C
https://snyk.io/vuln/SNYK-JS-KARMAMOJO-564260
Related Vulnerabilities
CVE-2021-37694 Vulnerability in npm package @asyncapi/java-spring-cloud-stream-template
CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2023-26486 Vulnerability in maven package org.webjars.npm:vega
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-parent
CVE-2022-25758 Vulnerability in maven package org.webjars.npm:scss-tokenizer