Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize user input or validate that the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
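The two missing controls named above (path validation and the `--` end-of-options marker), sketched as an added example that is not blamer's own code. The helper names `buildBlameArgs`, `blameByFileSafe` and `classify`, the validation rules and the sample inputs are assumptions made for illustration.

```javascript
// Added example: hardened argv construction for `git blame`.
// Not taken from blamer; all function names here are hypothetical.
const { execFileSync } = require("node:child_process");

// Validate a caller-supplied path and build the argument vector.
function buildBlameArgs(filePath) {
  if (typeof filePath !== "string" || filePath.length === 0) {
    throw new TypeError("file path must be a non-empty string");
  }
  if (filePath.includes("\0")) {
    throw new RangeError("file path contains a NUL byte");
  }
  // Defence in depth: refuse values that would parse as an option
  // if the end-of-options marker were ever dropped.
  if (filePath.startsWith("-")) {
    throw new RangeError("file path must not start with '-'");
  }
  // Everything after "--" is handed to git as a path, never as an option.
  return ["blame", "--line-porcelain", "--", filePath];
}

// Run git with a fixed binary name and an argv array (no shell involved).
function blameByFileSafe(filePath, cwd) {
  return execFileSync("git", buildBlameArgs(filePath), {
    cwd,
    encoding: "utf8",
  });
}

// Report how the validator treats a given input without running git.
function classify(input) {
  try {
    buildBlameArgs(input);
    return "accepted";
  } catch (err) {
    return "rejected";
  }
}

// Constructed sample inputs, not taken from the advisory.
const samples = ["src/index.js", "src/-odd-name.js", "--constructed-flag=value", ""];
for (const s of samples) {
  console.log(JSON.stringify(s), "=>", classify(s));
}
```
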
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
Argument Injection or Modification
Vulnerability Title
Blamer Argument Injection Vulnerability
Vulnerability Description
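Blamer is a tool for retrieving code authorship information from version control systems. Versions of Blamer before 1.0.4 contain a security vulnerability that stems from an arbitrary argument injection flaw in the blameByFile() API.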
CVSS Information
N/A
Vulnerability Type
N/A