npm-dependency-versions

Releases6

Frequency9 hours

Last Release almost 10 years ago

A utility for determining the package versions at given points in time

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-29080 ↗	Apr 12, 2022Tuesday, 12 April 2022, 05:15	9.8 CRITICAL	7.5 HIGH
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.