← back
CVE-2026-15033

christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection

CVSS 5.3 MEDIUMCWE-77CWE-78
Vexday Risk Score
10Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X