apex-publish-static-files is vulnerable to command injection. The connectionString
argument is not sanitized when passed to execSync()
, which allows a remote attacker to inject arbitrary shell commands via the connectionString
argument.
CPE | Name | Operator | Version |
---|---|---|---|
apex-publish-static-files | le | 2.0.0 |