VYPR

npm package

@apostrophecms/cli

pkg:npm/%40apostrophecms/cli

Vulnerabilities (1)

  • CVE-2026-42853MedJun 12, 2026
    affected <= 3.6.0

    ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a s