In “index.js” file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.
[
{
"product": "git-diff-apply",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 0.22.2"
}
]
}
]