CVE-2017-16087
The connected advisories describe a vulnerability in the npm package fs-git where strings passed to the buildCommand method are not sanitized, allowing arbitrary code execution. Affected versions of fs-git do not sanitize inputs, enabling code execution via crafted input in buildCommand. The issu...