What the vulnerability does
01Description
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
CVSS base score
7.4/10
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Key dates
02Disclosure timeline
February 6, 2023
CVE published
March 25, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard
CVE-2026-0273 PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
CVE-2026-0755 gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
CVE-2023-35193
CVE-2025-64106 Cursor: Speedbump Modal Bypass in MCP Server Deep-Link
