Command Injection

Module: fs-git

Published: August 29th, 2017

Reported by: micaksica

CVE-NONE

CWE-94

Vulnerable: <=1.0.1
Patched: >=1.0.2

Overview

Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution.

Remediation

Update to version 1.0.2 or later.

References

Commit #eb5f70e