An attacker could make the backend process to execute arbitrary shell
commands by making requests to URLs containing shell metacharacters.
This commit fixes the vulnerability by replacing a use of
"child_process.exec" with "child_process.execFile", which executes
"irsend" directly instead of through a shell command.
An attacker could make the backend process to execute arbitrary shell commands by making requests to URLs containing shell metacharacters.
This commit fixes the vulnerability by replacing a use of "child_process.exec" with "child_process.execFile", which executes "irsend" directly instead of through a shell command.