Name of the Vulnerable Software and Affected Versions:

codeceptjs version 3.7.3

Description:

codeceptjs version 3.7.3 contains a command injection issue in the `emptyFolder` function located in `lib/utils.js`. The `execSync` command directly concatenates the user-controlled `directoryPath` parameter without sanitization or escaping, potentially allowing attackers to execute arbitrary commands.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.