CVE-2026-15033
christopherthielen check-peer-dependencies peerDependencies packageUtils.js shelljs.exec os command injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-78 CWE-77 |
| Vendor | christopherthielen |
| Product | check-peer-dependencies |
| Published | Jul 8, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for christopherthielen check-peer-dependencies
Be the first to know when new medium vulnerabilities affecting christopherthielen check-peer-dependencies are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
christopherthielen / check-peer-dependencies
4.3.0 4.3.1 4.3.2 4.3.3 4.3.4
References
vuldb.com: https://vuldb.com/vuln/376784 vuldb.com: https://vuldb.com/vuln/376784/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15033 vuldb.com: https://vuldb.com/submit/850875 github.com: https://github.com/christopherthielen/check-peer-dependencies/issues/74 github.com: https://github.com/christopherthielen/check-peer-dependencies/
Credits
๐ Dremig (VulDB User) VulDB CNA Team