EPSS
Percentile
28.6%
is-http2 is vulnerable to Command Injection. The vulnerability exists in the Promise function of index.js due to missing input sanitization which allows an attacker to inject and execute arbitrary commands into the system.
Promise
index.js
github.com/advisories/GHSA-2275-rpf5-xv8h
github.com/stefanjudis/is-http2/blob/master/index.js#L23
github.com/stefanjudis/is-http2/blob/master/index.js%23L23