Severity: Critical
CVSS Score: 7.4
The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization