2 matches found
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize user input or validate that the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
Blamer Code Injection Vulnerability
blamer is a tool for obtaining code author information from a version control system. A code injection vulnerability exists in blamer 1.0.0 and prior versions, which arises from the failure of a network system or product to properly filter specific elements of externally input data during the...