Description
umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization.
Remediation
References
https://snyk.io/vuln/SNYK-JS-UMOUNT-564265
Related Vulnerabilities
CVE-2020-2120 Vulnerability in maven package org.jenkins-ci.plugins:fitnesse
CVE-2021-21348 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-28435 Vulnerability in npm package ffmpeg-sdk
CVE-2018-20677 Vulnerability in maven package org.fujion.webjars:bootstrap
CVE-2017-1000244 Vulnerability in maven package org.jvnet.hudson.plugins:favorite