Vulnerability Information
Vulnerability Title
Command Injection
Vulnerability Description
Versions of the package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function is called, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that allows additional flags to be set. These additional flags can be used to perform a command injection.
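The argument-injection pattern described above, next to a hardened form, as an added example that is not the workspace-tools code or its actual fix. The helper names (`buildFetchArgsUnsafe`, `isSafeGitOperand`, `buildFetchArgsSafe`, `fetchRemoteBranchSafe`) and the sample option string are assumptions made for illustration.

```javascript
// Added example: every function name here is hypothetical, not from workspace-tools.

// Vulnerable pattern: caller-controlled strings land where git still parses
// options, so a value beginning with "-" is read as a flag, not as a remote.
function buildFetchArgsUnsafe(remote, remoteBranch) {
  return ["fetch", remote, remoteBranch];
}

// An operand is accepted only if it is a non-empty string that git cannot
// read as an option and that contains no control characters.
function isSafeGitOperand(value) {
  return (
    typeof value === "string" &&
    value.length > 0 &&
    !value.startsWith("-") &&
    !/[\u0000-\u001f\u007f]/.test(value)
  );
}

// Hardened pattern: validate each operand, then place "--" before them so git
// stops option parsing even if the validation is loosened later.
function buildFetchArgsSafe(remote, remoteBranch) {
  for (const [name, value] of [["remote", remote], ["remoteBranch", remoteBranch]]) {
    if (!isSafeGitOperand(value)) {
      throw new TypeError(`${name} is not a valid git operand: ${JSON.stringify(value)}`);
    }
  }
  return ["fetch", "--", remote, remoteBranch];
}

// Runs git with an argument array and no shell, so nothing is re-parsed as
// shell syntax. child_process is loaded here so the builders stay dependency-free.
function fetchRemoteBranchSafe(remote, remoteBranch, cwd) {
  const { spawnSync } = require("node:child_process");
  const args = buildFetchArgsSafe(remote, remoteBranch);
  const result = spawnSync("git", args, { cwd, shell: false, encoding: "utf8" });
  if (result.error) throw result.error;
  if (result.status !== 0) {
    throw new Error(`git fetch failed (${result.status}): ${result.stderr}`);
  }
  return result.stdout;
}

// Constructed sample input: a placeholder option string, not a real git flag.
const constructedInput = "--example-option=value";
```

Rejecting a leading `-` and inserting `--` are independent checks; keeping both means a regression in one does not reopen the option-parsing path.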
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Microsoft workspace-tools Argument Injection Vulnerability
Vulnerability Description
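Microsoft workspace-tools is an open-source JS monorepo workspace tool from Microsoft (USA). Versions of Microsoft workspace-tools before 0.18.4 contain an argument injection vulnerability that an attacker can exploit to carry out command injection attacks.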
CVSS Information
N/A
Vulnerability Type
N/A