3 matches found
conventional-changelog-semf-config (=1.0.4) potentially affected by CVE-2018-3785 via git-dummy-commit (=1.3.0)
git-dummy-commit NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-dummy-commit and may be impacted: - conventional-changelog-semf-config =1.0.4 Source cves: CVE-2018-3785 Source advisory: OSV:GHSA-H3C2-X77C-7PVR...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-3785
CVE-2018-3785 affects git-dummy-commit v1.3.0, where an unescaped parameter allows command injection to execute OS commands. Several sources confirm the issue is a command-injection in the msg/filename handling, enabling remote or local command execution depending on context. Impact is high (OS-l...