EPSS
Percentile
68.7%
Affected versions of @graphql-tools/git-loader package are vulnerable to Command Injection. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.
@graphql-tools/git-loader
exec
execSync
packages/loaders/git/src/load-git.ts
Upgrade to fix version 6.2.6 or later