An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).
@stoqey/gnuplot
{ "last_known_affected_version_range": "<= 0.0.3" }