Headline
CVE-2021-34078: Checkmarx Advisory
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project’s package.json file.
From time to time, our security researchers find zero-day vulnerabilities in open source projects. When this happens, we inform the relevant maintaners of the package and publish our findings here only after they’ve been remediated, or when a patch is available.
Related news
GHSA-rphm-c8gw-3r38: OS Command Injection in lifion-verify-deps
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.