0.002 Low
EPSS
Percentile
57.6%
node-notifier is vulnerable to remote code execution (RCE). An attacker can send malicious commands via options params as it is not sanitized when being passed as an array.
options
github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303
github.com/mikaelbr/node-notifier/commit/2d3927b200a0fd1721e8b8ad59f84f383d3f0e0a