CVE-2022-21186

Description

The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.

References

ExploitThird Party Advisory
PatchThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics