CVE-2020-28490
npm/async-git
Argument Injection or Modification
The package async-git are vulnerable to Command Injection via shell meta-characters (back-ticks). For example, git.reset('a`touch HACKED`b')
All versions before 1.13.2
Upgrade to version 1.13.2 or above.
2021-02-26
source |