All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
{ "nvd_published_at": "2023-01-26T21:15:00Z", "github_reviewed_at": "2023-01-27T01:06:29Z", "github_reviewed": true, "severity": "CRITICAL", "cwe_ids": [ "CWE-77", "CWE-78" ] }