CVE-2022-21186

Published August 5th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.

acrontum/filesystem-template

Filesystem templating engine and project scaffolding tool

GitHub