CVE-2020-7601: OS Command Injection in gulp-scss-lint

Severity: Critical

CVSS Score: 9.8

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.