Description
Command injection in git-it-electron
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
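The flaw described above, as an added JavaScript example that is not git-it-electron's own code: the unsafe shape concatenates the branch name into a shell command line, while the hardened shape validates the name and passes it to git as a separate argv entry with no shell involved. The function names, the `git reflog show` form, the `repoDir` parameter and the allow-list pattern are assumptions made for illustration.

```javascript
// Added example; hypothetical helpers, not the project's code.

// Unsafe shape: the branch name becomes part of a string that exec() hands
// to a shell, so shell metacharacters in the name are interpreted.
function unsafeCommandLine(branch) {
  return 'git reflog show ' + branch;
}

// Assumed allow-list, stricter than git's own ref-name rules: the name must
// start with an alphanumeric (so it can never look like an option) and may
// not contain whitespace or shell metacharacters.
const SAFE_BRANCH = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,254}$/;

function isSafeBranchName(name) {
  return typeof name === 'string' &&
    SAFE_BRANCH.test(name) &&
    !name.includes('..') &&
    !/(\.lock|[\/.])$/.test(name);
}

// Hardened shape: validate first, then build an argv array.
function reflogArgs(branch) {
  if (!isSafeBranchName(branch)) {
    throw new Error('rejected branch name: ' + JSON.stringify(branch));
  }
  return ['reflog', 'show', branch];
}

// Runs git without a shell; execFile passes each argv entry verbatim.
function verifyBranch(branch, repoDir, callback) {
  // Required lazily so the helpers above stay free of side effects.
  const { execFile } = require('node:child_process');
  execFile('git', reflogArgs(branch), { cwd: repoDir, shell: false }, callback);
}

// Constructed sample input: one ordinary name, three that must be rejected.
const samples = ['add-alice', 'main; echo INJECTED', '--help', 'a..b'];
const verdicts = samples.map((name) => [name, isSafeBranchName(name)]);
console.log(verdicts);
```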
Packages
Name: git-it-electron (npm)
Affected versions: <= 4.3.0
Fixed version: None
Related vulnerabilities
CVSS3: 9.8
nvd
about 4 years ago
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).