All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| sketchsvg(npm) | 0 | N/A | N/A |
CVSS Metrics
