CVE-2022-25906

Published February 1st, 2023

View on NVD ↗

CVSS v3

7.4

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.

stefanjudis/is-http2

Module to check for http/2 support

GitHub