Remote Code Execution (RCE)

create-git is vulnerable to remote code execution RCE. The vulnerability exists as it allows concatenation and execution of user provided input without proper checking inside a exec call, leading to an execution of malicious commands...

Node.js third-party modules: [create-git] RCE via insecure command formatting

The create-git NPM module was vulnerable against command injection which was possible since some user supplied inputs were concatenated without proper checks inside a exec call, which made possible executing arbitrary commands besides the git one which is used by the tool. The PoC resulted in: js...