EPSS
Percentile
76.3%
async-git is vulnerable to command injection. An attacker is able to inject malicious OS command to the system shell via the getter function in the index.js file.
getter
index.js
github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d
github.com/omrilotan/async-git/pull/14