Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
npm git-parse 操作系统命令操作系统命令注入漏洞
Vulnerability Description
npm git-parse是美国npm公司的一个应用软件。一种实用程序,可生成一组javascript对象,这些数组表示本地git存储库的提交历史记录的当前分支。 git-parse 1.0.4版本及之前版本的“gitDiff”函数存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
CVSS Information
N/A
Vulnerability Type
N/A