[cycle-import-check] cycle-import-check vulnerable to Command Injection

The package cycle-import-check before version 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-24377
• https://github.com/Soontao/cycle-import-check/commit/1ca97b59df7e9c704471fcb4cf042ce76d7c9890
• https://security.snyk.io/vuln/SNYK-JS-CYCLEIMPORTCHECK-3157955
• https://github.com/advisories/GHSA-995x-33wq-8gc9