N/A

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

ggit 安全漏洞

ggit是Gleb Bahmutov个人开发者的一个工具。 ggit存在安全漏洞，该漏洞源于允许用户输入要获取的分支，容易受到命令注入攻击。

N/A

N/A