All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| is-http2(npm) | 0 | N/A | N/A |
CVSS Metrics
