check-branches is vulnerable to Command Injection
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-11148
CVE-2025-11148 - check-branches is vulnerable to command injection across all versions. The issue arises because the tool trusts branch names as plain text and constructs git commands by concatenating user input, which can be supplied via pull requests or privileged repo access. This allows an at...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
PT-2025-40040
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
PT-2025-39958
Name of the Vulnerable Software and Affected Versions: check-branches, affected versions not specified. Description: The software is susceptible to a command injection issue. The tool trusts branch names without sanitization and constructs git commands by concatenating user input. This allows attacke...
Command Injection
Overview: check-branches is a CLI that automatically checks whether your current repo branch has any conflicts with all of the repo's other branches. Really useful when working with big teams. Affected versions of this package are vulnerable to Command Injection. check-branches is a command-line tool that is...