check-branches is vulnerable to command Injection
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: It trusts branch names as they are (plain text) It spawns git commands by concatenating user input Since a branch name is potentially a user input - as …