git-clone is vulnerable to command injection. The vulnerability exists due to the insecure usage of the --upload-pack
feature of git. An attacker with the ability to control the options object provided to the clone()
function through the options.args array
, is able to inject arbitrary commands to run when the clone function is called.