Description
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953
Related Vulnerabilities
CVE-2022-25894 Vulnerability in maven package com.bstek.uflo:uflo-core
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.11
CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.transform.xpath