All versions of package git-promise is vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.
@lirantal for discovering this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
git-promise | le | 1.0.0 |