Node.js repository CI/CD vulnerable to RCE