6 matches found
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The CVE-2018-25083 issue affects the pullit package for Node.js, before version 1.4.0. The root cause is the use of eval on an attacker-supplied Git branch name, enabling OS command injection. Impact is high across confidentiality, integrity, and availability (per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:...