
4 matches found

OSV
added 2023/09/19 6:30 a.m., 13 views

GHSA-6F9P-G466-F8V8 blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API

Versions of the blamer package before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

CVSS 6.5, AI score 9.1, EPSS 0.00063
Exploits: 1, References: 5
OSV
added 2023/09/19 5:17 a.m., 14 views

CVE-2023-26143

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

CVSS 9.1, AI score 7.5
Exploits: 0, References: 3
Cvelist
added 2023/09/19 5:0 a.m., 15 views

CVE-2023-26143

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

CVSS 6.5, AI score 9.7, EPSS 0.00063
Exploits: 1, References: 3
Veracode
added 2020/03/23 4:2 a.m., 14 views

Remote Code Execution (RCE)

blamer is vulnerable to remote code execution. The vulnerability exists due to the improper handling of the values of args in the blameByFile function...

CVSS 9.8, AI score 2.9, EPSS 0.04715
Exploits: 1, References: 2, Affected Software: 1