CVE-2022-25865
The vulnerability affects the package workspace-tools prior to 0.18.4. The issue resides in the function fetchRemoteBranch(remote, remoteBranch, cwd) where both the remote and remoteBranch arguments are passed to the git fetch subcommand in a way that allows additional flags to be set, enabling a...