OS Command Injection Vulnerability in Peer Dependencies by Christopher Thielen
CVE-2026-15033
5.3MEDIUM
What is CVE-2026-15033?
A vulnerability has been identified in the peerDependencies component of check-peer-dependencies up to version 4.3.4, where the shelljs.exec function is susceptible to OS command injection. This weakness can allow attackers to execute arbitrary commands on the host operating system remotely. Despite early notifications from users regarding the issue, the maintainers have not yet provided a response or patch. It is crucial for users of affected versions to assess their exposure to this vulnerability.
Affected Version(s)
check-peer-dependencies 4.3.0
check-peer-dependencies 4.3.1
check-peer-dependencies 4.3.2
