CVE-2015-4130: Command Injection
Due to the use of child_process.exec when executing git commands, ungit allows commands to be injected through user input fields whose values end up in an executed git command.