3 matches found
EUVD-2022-6466
Malicious code in bioql PyPI...
console-blame (>=1.0.0 <=1.1.1), grunt-lintblame (>=0.1.0 <=0.3.5) +2 more potentially affected by CVE-2020-28434 via gitblame (>=0.1.0 <=0.1.1)
gitblame NPM version =0.1.0, =1.0.0, =0.1.0, =0.2.5, =0.9.5 - tch-lint-jshint =0.0.1 Source cves: CVE-2020-28434 Source advisory: OSV:GHSA-3486-RVXC-HRRJ...
Command Injection
Overview gitblame is a package that uses git blame to find out who modified a file. Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 15 in lib/gitblame.js. PoC var a =require"gitblame"; a"& touch JHU",function Remediation There is no...