From 90b3af4ab8baaa519ed19d96ba8422fd43962f1f Mon Sep 17 00:00:00 2001
From: Asjid Kalam
Date: Wed, 9 Sep 2020 21:27:55 +0530
Subject: [PATCH] fixed RCE
---
 src/normalizer.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/normalizer.js b/src/normalizer.js
index 8476a42..1efe3fe 100644
--- a/src/normalizer.js
+++ b/src/normalizer.js
@@ -277,7 +277,8 @@ var Command = /** @class */ (function () {
 var success = _a.success, fail = _a.fail;
 this.state = 'progress';
 logger.log('Executing: ', this.text);
- child.exec(this.text, function (error, stdout, stderr) {
+ var cmd = this.text.split(' ');
+ child.execFile(cmd[0], cmd.slice(1), function (error, stdout, stderr) {
 _this.state = 'finished';
 _this.error = error;
 _this.stderr = stderr;
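Review bot: The added `var cmd = this.text.split(' ');` line removes the shell but leaves two gaps: the program name `cmd[0]` and every argument still come straight from `this.text`, and splitting on a single space mishandles repeated spaces (empty-string arguments), leading whitespace (empty `cmd[0]`) and quoted arguments or paths that contain spaces. If `this.text` can carry untrusted input (its origin is outside this hunk), `execFile` stops shell metacharacter injection but not the choice of executable or option injection, so `cmd[0]` should be checked against an allowlist of expected programs before the call. At minimum tokenise with `var cmd = this.text.trim().split(/\s+/);` and fail the command when `cmd[0]` is empty; commands that legitimately need quoting would be better supplied by the caller as an argument array. The enclosing method of `Command` starts and ends outside the hunk.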