CVE-2020-28490

Argument Injection or Modification in npm/async-git

Identifiers

CVE-2020-28490

Package Slug

npm/async-git

Vulnerability

Argument Injection or Modification

Description

The package async-git is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('a`touch HACKED`b')
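
The difference between a shell-parsed command string and a shell-free call, as an added example (this is not async-git's code and not the 1.13.2 patch). All helper names are hypothetical, and a Node child process that echoes its last argument stands in for git so the check runs without a repository.

```javascript
// Added example with hypothetical helper names; this is not async-git's code.
const { execFileSync } = require('node:child_process');

// Payload string quoted in the advisory description.
const PAYLOAD = 'a`touch HACKED`b';

// Vulnerable pattern: the caller's value is concatenated into one string that
// child_process.exec() hands to a shell, which expands the back-ticks.
function unsafeResetCommand(ref) {
  return 'git reset ' + ref; // built only for comparison, never executed here
}

// Hardened pattern, part 1: validate the value and keep it as one argv element.
function safeResetArgv(ref) {
  if (typeof ref !== 'string' || ref.length === 0) {
    throw new TypeError('ref must be a non-empty string');
  }
  if (ref.startsWith('-')) {
    // A leading dash would be parsed by git as an option (argument injection).
    throw new Error('ref must not start with "-"');
  }
  return ['reset', ref];
}

// Hardened pattern, part 2: execFileSync spawns the program directly, so no
// shell ever sees the argument and meta-characters stay literal.
function runWithoutShell(bin, argv) {
  return execFileSync(bin, argv, { encoding: 'utf8', shell: false });
}

// What a reset wrapper looks like when built from the two parts above.
function reset(ref) {
  return runWithoutShell('git', safeResetArgv(ref));
}

// Stand-in for git: a Node child that writes back the last argument it got.
function echoLastArg(value) {
  const script = 'process.stdout.write(process.argv[process.argv.length - 1])';
  return runWithoutShell(process.execPath, ['-e', script, value]);
}
```

The rejection of a leading dash is an assumption of this example; a wrapper that must accept options should take them as a separate, allow-listed parameter.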

Affected Versions

All versions before 1.13.2

Solution

Upgrade to version 1.13.2 or above.

Last Modified

2021-02-26
