command-exists@1.1.0 vulnerabilities

check whether a command line command exists in the current environment

Direct Vulnerabilities

Known vulnerabilities in the command-exists package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Arbitrary Command Injection

command-exists is a node module to check if a command-line command exists.

Affected versions of this package are vulnerable to Arbitrary Command Injection. An attacker may inject and execute arbitrary shell commands while trying to determine if a crafted command exists.

How to fix Arbitrary Command Injection?

Upgrade command-exists to version 1.2.4 or higher.

<1.2.4