closure-compiler-stream is vulnerable to OS command injection. The args
options are passed to the exec
function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands.
CPE | Name | Operator | Version |
---|---|---|---|
closure-compiler-stream | le | 0.1.15 |