We are running a Fortify scan on our developed extension code and getting a security vulnerability on the exec command below.
exec(command, (error: any, stdout: any, stderr: any).
Error Details:
The problem here is that the program does not specify an absolute path for make and fails to clean its environment prior to executing the call to child_process.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and then execute the application in their environment, the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker's make will now be run with these privileges, possibly giving them complete control of the system.
Please let us know if we can use some alternative command or method to overcome this issue.
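One way to address the two points in the finding (no absolute path, inherited environment), as an added example that is not part of the original post: resolve the tool from a fixed directory list and run it with `execFile` and a minimal environment. `TRUSTED_DIRS`, `resolveTrusted`, `cleanEnv` and `runTool` are hypothetical names, and the directory list is an assumption about the host.

```typescript
import { execFile } from "child_process";
import * as fs from "fs";
import * as path from "path";

// Assumption: directories on this host where the real build tools are installed.
const TRUSTED_DIRS = ["/usr/bin", "/bin", "/usr/local/bin"];

// Resolve a bare tool name to an absolute path using only trusted directories,
// never the PATH inherited from whoever launched the process.
export function resolveTrusted(tool: string, dirs: string[] = TRUSTED_DIRS): string {
  if (tool === "" || path.basename(tool) !== tool) {
    throw new Error(`invalid tool name: ${tool}`); // rejects "../make", "/tmp/make"
  }
  for (const dir of dirs) {
    const candidate = path.join(dir, tool);
    try {
      fs.accessSync(candidate, fs.constants.X_OK);
      if (fs.statSync(candidate).isFile()) return candidate;
    } catch {
      // not present or not executable in this directory; try the next one
    }
  }
  throw new Error(`${tool} not found in trusted directories`);
}

// Build the child's environment from scratch instead of passing process.env,
// so caller-set variables (PATH, LD_PRELOAD, ...) do not reach the child.
export function cleanEnv(): Record<string, string> {
  return { PATH: TRUSTED_DIRS.join(":"), LANG: "C" };
}

// Run the tool by absolute path. execFile passes args as an array and
// spawns no shell, so the arguments are never parsed as a command line.
export function runTool(tool: string, args: string[], cwd: string): Promise<string> {
  const file = resolveTrusted(tool);
  return new Promise((resolve, reject) => {
    execFile(file, args, { cwd, env: cleanEnv(), shell: false, timeout: 60_000 },
      (error, stdout, stderr) => {
        if (error) reject(new Error(stderr || error.message));
        else resolve(stdout);
      });
  });
}

// Example call (not executed here): runTool("make", ["clean"], "/path/to/project")
```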