Description
umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-UMOUNT-564265
Related Vulnerabilities
CVE-2023-37903 Vulnerability in maven package org.webjars.npm:vm2
CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid
CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2021-23348 Vulnerability in npm package portprocesses
CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab