CVE-2020-28490

🗓️ 18 Feb 2021 15:13:15Reported by [email protected]Type

The async-git package before version 1.13.2 allows Command Injection via shell meta-character

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2020-28490 Command Injection	18 Feb 202114:20	–	cvelist
OSV	Command Injection in async-git	12 Apr 202119:50	–	osv
OSV	CVE-2020-28490	18 Feb 202115:15	–	osv
Github Security Blog	Command Injection in async-git	12 Apr 202119:50	–	github
Prion	Command injection	18 Feb 202115:15	–	prion
Veracode	Command Injection	19 Feb 202103:08	–	veracode
CVE	CVE-2020-28490	18 Feb 202115:15	–	cve

Nvd

Node

async-git_project async-gitRange<1.13.2node.js

Source	Link
github	www.github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d
github	www.github.com/omrilotan/async-git/pull/14
snyk	www.snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Feb 2021 15:15Current

CVSS27.5

CVSS39.8

EPSS0.00912

CWE-78