Rosen-Vladimirov

**Name of the Vulnerable Software and Affected Versions** global-modules-path versions prior to 3.0.0 **Description** The issue is related to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the `getPath` function. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the `getPath` function until a patch is available. Restrict access to the `getPath` function to minimize the risk of exploitation.