7 matches found
GHSA-M2FC-9H5M-29CM @acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
Remote Code Execution (RCE)
filesystem-template is vulnerable to remote code execution. The vulnerability exists because it does not escape incoming URL parameters in the fetchRepo API, allowing an attacker to pass and execute malicious code via it...
Command injection
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
PT-2022-14910 · Npm · @Acrontum/Filesystem-Template
Name of the Vulnerable Software and Affected Versions: @acrontum/filesystem-template versions prior to 0.0.2. Description: The issue is related to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. This allows for potential command...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
Arbitrary Command Injection
Overview: @acrontum/filesystem-template is a Filesystem templating engine and project scaffolding tool. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. PoC: js const filesys =...