Summary: pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.Published: Monday, April 27, 2020 - 22:15cvss: 5.0