This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.CreditsJHU System Security LabReferenceshttps://security.snyk.io/vuln/SNYK-JS-SONARWRAPPER-1050980
