Command Injection Vulnerability in eslint-fixer Package by Node.js
CVE-2021-26275
9.8CRITICAL
What is CVE-2021-26275?
The eslint-fixer package for Node.js, specifically versions up to 0.1.5, is susceptible to command injection through the use of shell metacharacters in its fix function. This vulnerability poses a risk to systems running unsupported versions of the package, allowing an attacker to manipulate and execute arbitrary commands. Furthermore, the GitHub repository for eslint-fixer has been intentionally removed, highlighting the lack of support and updates for this vulnerable code.
