CVE-2020-8298

Publication date

2021-03-04 19:09:22

Family

hackerone

State

PUBLISHED

Description

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.