A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.
{ "nvd_published_at": "2022-07-25T14:15:00Z", "severity": "CRITICAL", "github_reviewed_at": "2022-08-06T05:18:26Z", "github_reviewed": true, "cwe_ids": [ "CWE-77" ] }