<p>Upgrade <code>@floffah/build</code> to version 1.0.0 or higher.</p>

Command Injection Affecting @floffah/build package, versions <1.0.0

Snyk CVSS

Attack Complexity Low

Privileges Required High

Integrity High

Availability High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-FLOFFAHBUILD-1298045
published 30 May 2021
disclosed 28 May 2021
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 28 May 2021

CWE-78 Open this link in a new tab

How to fix?

Upgrade @floffah/build to version 1.0.0 or higher.

Overview

@floffah/build is a Small cli tool for building monorepos when you are lazy

Affected versions of this package are vulnerable to Command Injection. An attacker is able to maliciously alter project settings via the command line.

References

GitHub Release