git-diff-apply is vulnerable to OS command injection. Lack of validation and sanitization of the remoteUrl
parameter allows an attacker to inject arbitrary OS command via the affected parameter that is subsequently used in utils.run
as a git command.