CVE-2019-10803

CVE-2019-10803 affects push-dir up to version 0.4.1, enabling OS command injection via unsafely passed argument opt.branch to the git command in index.js (line ~139). Connected sources (Red Hat, OSV, Snyk, Veracode, GHSA) consistently describe arbitrary command execution stemming from lack of val...