EPSS Percentile: 76.1%
picotts is vulnerable to arbitrary code execution. The vulnerability exists because user-provided input to the say function is not sanitized before it is passed to the child_process.exec function.
github.com/advisories/GHSA-wq7q-5v6j-xfv6
github.com/luisivan/node-picotts/blob/8c6b183b884890c8e9422f93036b374942398c8b/index.js#L16