View all vulnerabilities

CVE-2022-21191

global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
9.8
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
global-modules-path < 3.0.0
Severity
Ecosystem
JavaScript
Publish Date
January 13, 2023
Modified Date
April 4, 2025