promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
[
{
"product": "promise-probe",
"vendor": "Snyk",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 0.10.0"
}
]
}
]