CVE-2018-25083

The CVE-2018-25083 issue affects the pullit package for Node.js, before version 1.4.0. The root cause is the use of eval on an attacker-supplied Git branch name, enabling OS command injection. Impact is high across confidentiality, integrity, and availability (per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:...