CVE-2020-28422

All versions of package git-archive are vulnerable to Command Injection via the exports function.