Node.js third-party modules: [commit-msg] RCE via insecure command formatting

I would like to report a RCE issue in the commit-msg module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: commit-msg version: 0.2.3 npm page: https://www.npmjs.com/package/commit-msg Module Description commit-msg is a customizable git commit message...