EPSS Percentile: 5.2%
sharp is vulnerable to arbitrary command injection. An attacker who is able to set the value of the PKG_CONFIG_PATH environment variable in a build environment can achieve arbitrary command injection at npm install time.
github.com/lovell/sharp/commit/a6aeef612be50f5868a77481848b1de674216f0c
github.com/lovell/sharp/security/advisories/GHSA-gp95-ppv5-3jc5