15 matches found
EUVD-2020-0906
Malware in sbrugna...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
Arbitrary Command Execution
pullit is vulnerable to Arbitrary Command Execution. The vulnerability exists in index.js due to an insecure use of the eval function which allows an attacker to inject and execute arbitrary commands...
GHSA-2W9P-XF5H-QWJ3 Duplicate Advisory: pullit Command Injection vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8px5-63x9-5c7p. This link is maintained to preserve external references. Original Description The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
Command injection
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
pullit operating system command injection vulnerability
pullit is used by Jon Kuperman, a personal developer, to display and pull branches from GitHub pull requests. A security vulnerability exists in pullit versions prior to 1.4.0. An attacker could exploit this vulnerability to perform an operating system command injection attack...
CVE-2018-25083
The CVE-2018-25083 issue affects the pullit package for Node.js, before version 1.4.0. The root cause is the use of eval on an attacker-supplied Git branch name, enabling OS command injection. Impact is high across confidentiality, integrity, and availability (per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:...
GHSA-8PX5-63X9-5C7P pullit vulnerable to command injection
Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. Credits This...
pullit vulnerable to command injection
Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. Credits This...
Command Injection
Overview Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. References -...
Remote Code Execution (RCE)
pullit is vulnerable to remote code execution (RCE) attacks. The application uses unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...
Node.js third-party modules: Remote Command Execution vulnerability in pullit
I would like to report a Remote Command Execution vulnerability in pullit. It allows remote command execution such as reading or writing to the file system, and executing other programs under the current user running the pullit node executable. Module pullit https://www.npmjs.com/package/pullit...