๐Ÿ” CVE Alert

CVE-2026-15033

MEDIUM 6.3

christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-78 CWE-77
Vendor christopherthielen
Product check-peer-dependencies
Published Jul 8, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for christopherthielen check-peer-dependencies

Be the first to know when new medium vulnerabilities affecting christopherthielen check-peer-dependencies are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

christopherthielen / check-peer-dependencies
4.3.0 4.3.1 4.3.2 4.3.3 4.3.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376784 vuldb.com: https://vuldb.com/vuln/376784/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15033 vuldb.com: https://vuldb.com/submit/850875 github.com: https://github.com/christopherthielen/check-peer-dependencies/issues/74 github.com: https://github.com/christopherthielen/check-peer-dependencies/

Credits

๐Ÿ” Dremig (VulDB User) VulDB CNA Team