3 matches found
css-semdiff (>=1.0.0 <=1.1.0), dtsm (>=0.0.1 <=1.1.0) +6 more potentially affected by CVE-2017-1000451 via fs-git (>=0.1.1 <=1.0.1)
fs-git NPM version =0.1.1, =1.0.0, =0.0.1, =0.1.1, =1.0.0, =1.0.8, =0.1.0, =0.0.3, =0.0.11 Source cves: CVE-2017-1000451 Source advisory: OSV:GHSA-WP3J-GV53-4PG8...
CVE-2017-1000451
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...
CVE-2017-1000451
CVE-2017-1000451 affects fs-git version 1.0.1, a file-system-like API for Git repositories. The root cause is the buildCommand function used to construct exec strings not sanitizing input, making any code path that calls child_process.exec vulnerable to command injection. This could allow an atta...