Vulnerability impacts standard-version utility, which is used by more than 20,000 projects

A recently discovered bug allows attackers to execute shell commands in several Node.js projects, including the popular standard-version utility. The flaw surfaced while GitHub Security Lab, working with CodeQL, GitHub's semantic code security analysis tool, was developing a new query to detect similar bugs.
“The query modeled a dangerous code pattern that could end in a command-line injection vulnerability,” the spokesperson for GitHub Security Lab said.
“While researching this issue, we noticed roughly 15 other security issues that all followed the same pattern of: ‘library API that accidentally allows for