Description
Package Name: shelljs
Package Version: ['0.3.0']
Package Manager: npm
Target File: package.json
Severity Level: high
Snyk ID: SNYK-JS-SHELLJS-2332187
Snyk CVE: CVE-2022-0144
Snyk CWE: CWE-269
Link to issue in Snyk: https://app.snyk.io/org/cse_snyk-playground/project/3af44f44-d085-4709-afa8-a4bc1c966aa1
Snyk Description:
## Overview
shelljs is a wrapper for the Unix shell commands for Node.js.
Affected versions of this package are vulnerable to Improper Privilege Management. When ShellJS is used to create shell scripts which may be running as `root`, users with low-level privileges on the system can leak sensitive information such as passwords (depending on implementation) from the standard output of the privileged process OR shut down privileged ShellJS processes via the `exec` function when triggering `EACCES` errors.
Note: This only impacts the synchronous version of `shell.exec()`.
## Remediation
Upgrade `shelljs` to version 0.8.5 or higher.