Arbitrary Command Injection
Affecting apex-publish-static-files package, versions <2.0.1
apex-publish-static-files Uploads all files from a local directory to Oracle APEX.
Affected versions of this package are vulnerable to Arbitrary Command Injection. It does not sanitize the
connectionString argument, and subsequently passes it to
execSync(), thus allowing arbitrary shell command injection.
apex-publish-static-files to version 2.0.1 or higher.