GHSA-j8wr-fwf2-vvr9

Source

https://github.com/advisories/GHSA-j8wr-fwf2-vvr9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-j8wr-fwf2-vvr9/GHSA-j8wr-fwf2-vvr9.json

Aliases

CVE-2022-25908

Published

2023-01-26T21:30:25Z

Modified

2023-11-08T04:08:51.824532Z

Details

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25908
https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953

Affected packages

npm / create-choo-electron

Package

Name: create-choo-electron

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Last affected

2.0.0