CVE-2022-29080

Published: 2022-04-12T05:15Z

Last Modified: 2024-11-21T06:58Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt