4 matches found
GHSA-49MG-94FC-2FX6 Command Injection in npm-git-publish
All versions of npm-git-publish are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an execSync call, which may allow attackers to execute arbitrary code in the system. The publish function is vulnerable through the gitRemoteUrl variable...
Command Injection in npm-git-publish
All versions of npm-git-publish are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an execSync call, which may allow attackers to execute arbitrary code in the system. The publish function is vulnerable through the gitRemoteUrl variable...
Command Injection
Overview: All versions of npm-git-publish are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an execSync call, which may allow attackers to execute arbitrary code in the system. The publish function is vulnerable through the gitRemoteUrl variable...
Arbitrary Command Injection
npm-git-publish is vulnerable to arbitrary command injection. The vulnerability exists as gitRemoteUrl and gitRepoDir in lib/publish.ts are not sanitized, and are passed to execSync as a value to be executed...