2 matches found
Command Injection in async-git
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...