What the vulnerability does

01Description

Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.

Key dates

02Disclosure timeline

July 15, 2020 CVE published
August 4, 2024 Record updated