3 matches found
Arbitrary Command Execution
push-dir is vulnerable to Arbitrary Command Execution. The vulnerability is due to the lack of validation for arguments provided in the "opt.branch" variable before being passed to the "git" command, allowing an attacker to inject arbitrary commands...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...