EUVD-2022-1097

Malicious code in bioql PyPI...

OS Command Injection

git-parse is vulnerable to OS command injection. Untrusted input in gitDiff is passed into an exec function without validation, allowing an attacker to execute arbitrary OS commands on the host OS...

CVE-2021-26543

The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...

CVE-2021-26543

The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...

CVE-2021-26543

The CVE-2021-26543 issue affects the Wayfair git-parse library, specifically the gitDiff function in versions

npm git-parse 操作系统命令操作系统命令注入漏洞

npm git-parse is an application from the American company npm. It is a utility program that generates a set of javascript objects that represent the current branch of the commit history of a local git repository. An operating system command injection vulnerability exists in the "gitDiff" function...