Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| global-modules-path_project | global-modules-path | * |