Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JS-GETNPMPACKAGEVERSION-1050390
- published 20 Jan 2021
- disclosed 11 Dec 2020
- credit JHU System Security Lab
How to fix?
get-npm-package-version to version 1.0.7 or higher.
Affected versions of this package are vulnerable to Command Injection via main function in
var a = require("get-npm-package-version"); a("& touch JHU");