2 matches found
CVE-2021-44684
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...
Github-Todos 操作系统命令注入漏洞
Github-Todos is used to convert Todo to Github issues by the French individual developer Nicolas Chambrier. A security vulnerability exists in naholyr github-todos 3.1.0, which stems from the range parameter of the hook subcommand being concatenated without any validation and used directly by the...