Описание
push-dir Enables OS Command Injection
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable opt.branch is not validated before being provided to the git command within index.js#L139. This could be abused by an attacker to inject arbitrary commands.
Пакеты
Наименование
push-dir
npm
Затронутые версииВерсия исправления
<= 0.4.1
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
почти 6 лет назад
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.