The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| browserstack | browserstack-local | 1.5.8 |