Affected script: "install-scripts:install"
The script automatically downloads and executes a file from the internet without sufficient integrity checks, which can be exploited by an attacker if they gain control of the download source or redirect the download to a malicious source. The use of execSync also poses a risk for command injection if the variables used within the command string are not properly sanitized or come from an untrusted source.
@fuel-ts/forc's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
node-fetch | 2.7.0 | 43.6 kB | MIT | prod |