EUVD-2021-0777

Malware in sbrugna...

Command Injection in async-git

The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters back-ticks. For example: git.reset'atouch HACKEDb'...

m2345a-atm (>=1.0.0 <=1.0.1), ndsh (>=1.5.1 <=1.5.5) +1 more potentially affected by CVE-2021-3190 via async-git (=1.13.0)

async-git NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on async-git and may be impacted: - m2345a-atm =1.0.0, =1.5.1, =1.8.1, =1.9.1 Source cves: CVE-2021-3190 Source advisory: OSV:GHSA-6C3F-P5WP-34MH...

m2345a-atm (>=1.0.0 <=1.0.1), ndsh (>=1.5.1 <=1.5.5) +1 more potentially affected by CVE-2020-28490 via async-git (=1.13.0)

async-git NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on async-git and may be impacted: - m2345a-atm =1.0.0, =1.5.1, =1.8.1, =1.9.1 Source cves: CVE-2020-28490 Source advisory: SNYK:JS-ASYNCGIT-1064877...

m2345a-atm (>=1.0.0 <=1.0.1), ndsh (>=1.5.1 <=1.5.5) +1 more potentially affected by CVE-2021-3190 via async-git (=1.13.0)

async-git NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on async-git and may be impacted: - m2345a-atm =1.0.0, =1.5.1, =1.8.1, =1.9.1 Source cves: CVE-2021-3190 Source advisory: SNYK:JS-ASYNCGIT-1063505...