5 matches found
EUVD-2024-2956
Malicious code in bioql PyPI...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
CVE-2024-21532
The CVE-2024-21532 issue affects the npm package ggit. Affected versions allow Command Injection via fetchTags(branch): user input specifies the branch, which is concatenated into a git command that is passed to Node.js child_process.exec(), enabling potentially arbitrary commands. Root cause is ...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...