RSS   Vulnerabilities for 'Push-dir'   RSS

2020-02-28
 
CVE-2019-10803

CWE-78
 

 
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.

 


Copyright 2024, cxsecurity.com

 

Back to Top