CVE-2021-23352

Published March 9th, 2021

View on NVD ↗

CVSS v3

8.6

HIGH

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

pahen/madge

Create graphs from your CommonJS, AMD or ES6 module dependencies

GitHub

10.1K