CVE-2026-22663

prompts · prompts (npm package)

The "prompts" library, a popular Node.js package for interactive CLI prompts, contains a vulnerability that could lead to improper input handling.

Executive summary

A high-severity vulnerability in the "prompts" npm package could allow attackers to manipulate command-line interactions or compromise the integrity of CLI tools.

Vulnerability

The vulnerability is located within the "prompts" library, used to create interactive command-line interfaces. An attacker could potentially provide malicious input that bypasses local sanitization, leading to code execution or information disclosure in the context of the CLI application.

Business impact

CLI tools are often used by developers and administrators with elevated privileges. A vulnerability in a foundational library like "prompts" could lead to the compromise of developer workstations or CI/CD pipelines. The CVSS score of 7.5 indicates a high risk to the software supply chain.

Remediation

Immediate Action: Update the "prompts" package in your package.json to the latest secured version and rebuild your applications.

Proactive Monitoring: Use software composition analysis (SCA) tools to identify all projects using vulnerable versions of the "prompts" library.

Compensating Controls: Implement strict input validation within your own code that uses the library to ensure that no malicious characters are passed to the prompts.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The high CVSS score of 7.5 makes this a high-priority update for any Node.js development environment. Ensure that all internal and external CLI tools that use the "prompts" library are patched to the latest version immediately to maintain supply chain security.