The package cycle-import-check before version 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt
function due to improper user-input sanitization.
{ "github_reviewed": true, "github_reviewed_at": "2022-12-14T21:40:46Z", "nvd_published_at": "2022-12-14T05:15:00Z", "cwe_ids": [ "CWE-77", "CWE-78" ], "severity": "CRITICAL" }