Описание
Duplicate Advisory: pullit Command Injection vulnerability
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-8px5-63x9-5c7p. This link is maintained to preserve external references.
Original Description
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval() is used on an attacker-supplied Git branch name.
Пакеты
Наименование
pullit
npm
Затронутые версииВерсия исправления
Отсутствует