BrowserStack Local vulnerable to Command Injection through logfile variable
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.
Advisories for Npm/Browserstack-Local package
2026