CVE-2022-24377 Information

Dec 15, 2022 cve

Description

The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.

Reference

https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955 https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890

Share on: