CVE-2022-25923

Name of the Vulnerable Software and Affected Versions exec-local-bin versions prior to 1.2.0

Description The issue is related to Command Injection via the theProcess() functionality due to improper user-input sanitization. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the theProcess() function until a patch is available. Restrict access to user-input parameters to minimize the risk of exploitation.