CVE-2020-7730
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param.
Provides a `bestzip` command that uses the system `zip` if avaliable, and a Node.js implimentation otherwise.
GitHub