OS Command Injection Vulnerability in AWS jsii-diff Package
CVE-2026-15895
8.4HIGH
What is CVE-2026-15895?
A vulnerability exists in the AWS jsii-diff package prior to version 1.131.0, allowing attackers to exploit command injection. By passing specially crafted package specifiers through the npm: source argument, an attacker may execute arbitrary commands within the context of the application, presenting a substantial risk for systems utilizing this package. It is crucial for users to update to jsii-diff version 1.131.0 or later to mitigate this risk effectively.
Affected Version(s)
jsii 0 < 1.131.0
