OS Command Injection

2021-02-22T18:30:38
ID NODEJS:1614
Type nodejs
Reporter Anonymous
Modified 2021-02-22T18:30:38

Description

Overview

Affected versions of the async-git package allow OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.

Recommendation

Upgrade to version 1.13.2 or later.

References