Mingqing Kang

**Name of the Vulnerable Software and Affected Versions** create-choo-app3 (affected versions not specified) **Description** The issue is related to Command Injection via the `devInstall` function due to improper user-input sanitization. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** create-choo-electron versions all **Description** The issue arises from improper user-input sanitization, making all versions of the package susceptible to Command Injection via the devInstall function. **Recommendations** For all versions, consider disabling the devInstall function as a temporary workaround until a patch is available. Restrict access to the devInstall function to minimize the risk of exploitation. Avoid using user-input in the devInstall function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** cycle-import-check versions prior to 1.3.2 **Description** The issue is related to Command Injection via the `writeFileToTmpDirAndOpenIt` function due to improper user-input sanitization. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the `writeFileToTmpDirAndOpenIt` function until a patch is available.