CVE

CVE-2021-23352

admin

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Source: CVE-2021-23352

Exit mobile version