2 matches found
CVE-2021-3190
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...
Command Injection
Overview async-git is a 👾 Retrieve data from current git repository Affected versions of this package are vulnerable to Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. POC git.reset'; touch HACKED '; // file "HACKED" was created git.tag'; touch HACKED '; //...