Vulnerabilities > CVE-2022-25908 - Unspecified vulnerability in Create-Choo-Electron Project Create-Choo-Electron

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

create-choo-electron-project

critical

NVD

Published: 2023-01-26

Updated: 2023-11-07

Summary

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.

Vulnerable Configurations

Part	Description	Count
Application	Create-Choo-Electron_Project Create Choo Electron Project Create Choo Electron *	1

References

https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953