2 matches found
console-blame (>=1.0.0 <=1.1.1), grunt-lintblame (>=0.1.0 <=0.3.5) +2 more potentially affected by CVE-2020-28434 via gitblame (>=0.1.0 <=0.1.1)
gitblame NPM version =0.1.0, =1.0.0, =0.1.0, =0.2.5, =0.9.5 - tch-lint-jshint =0.0.1 Source cves: CVE-2020-28434 Source advisory: OSV:GHSA-3486-RVXC-HRRJ...
CVE-2020-28434
CVE-2020-28434 affects all versions of the gitblame package. The root cause is a command injection in gitblame.js where the file parameter is not properly sanitized before using exec, enabling arbitrary code execution. Public documents corroborate that the vulnerability exists across all versions...