CVE-2020-28443

Name of the Vulnerable Software and Affected Versions sonar-wrapper versions (all versions)

Description A command injection issue affects the package. The injection point is located in lib/sonarRunner.js.

Recommendations For all versions, consider restricting access to the vulnerable lib/sonarRunner.js file until a patch is available. As a temporary workaround, avoid using the sonar-wrapper package in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.