Vulnerability Information
Vulnerability Title
interactive-git-checkout has Command Injection vulnerability
Vulnerability Description
The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via `npm install -g interactive-git-checkout`. Versions up to and including 1.1.4 of the `interactive-git-checkout` tool are vulnerable to a command injection vulnerability because the software passes the branch name to the `git checkout` command using the Node.js child process module's `exec()` function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.
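The pattern described above and a hardened alternative, as an added example that is not code from `interactive-git-checkout` or its fix commit. The function names and the allow-list are assumptions made for illustration, and the allow-list is deliberately stricter than git's own ref-name rules.

```javascript
// Added example; names below are hypothetical, not the project's own code.
//
// Pattern the advisory describes (shown only as the "before"):
//   exec('git checkout ' + branch)
// exec() hands the whole string to a shell, so shell metacharacters in
// `branch` are interpreted by the shell instead of reaching git as data.

// Conservative allow-list: letters, digits, '.', '_', '/', '-'.
// The first character may not be '-', so the value is never parsed as an option.
const SAFE_BRANCH = /^[A-Za-z0-9._\/][A-Za-z0-9._\/-]*$/;

function isSafeBranchName(name) {
  return typeof name === 'string'
    && name.length > 0
    && name.length <= 255
    && SAFE_BRANCH.test(name)
    && !name.includes('..'); // '..' is not valid inside a git ref name
}

// Build the argument vector for git; throws instead of passing bad input on.
function checkoutArgs(branch) {
  if (!isSafeBranchName(branch)) {
    throw new Error(`refusing unsafe branch name: ${JSON.stringify(branch)}`);
  }
  return ['checkout', branch];
}

// Hardened call: execFile() starts git directly with an argument array and
// does not spawn a shell by default, so the branch stays a single argument.
async function checkout(branch, cwd = process.cwd()) {
  const { execFile } = await import('node:child_process');
  const args = checkoutArgs(branch);
  return new Promise((resolve, reject) => {
    execFile('git', args, { cwd }, (err, stdout, stderr) => {
      if (err) reject(err);
      else resolve(stdout + stderr);
    });
  });
}
```

Validation and the shell-free call are independent controls: `execFile()` removes shell interpretation, while the allow-list keeps option-like or malformed names from reaching git at all.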
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Neutralization of Special Elements used in a Command (Command Injection)
Vulnerability Title
interactive-git-checkout Command Injection Vulnerability
Vulnerability Description
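interactive-git-checkout is a branch-switching tool by the individual developer Nino Filiu. interactive-git-checkout versions 1.1.4 and earlier contain a command injection vulnerability. It stems from the branch name not being validated or sanitized, which may lead to command injection attacks.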
CVSS Information
N/A
Vulnerability Type
N/A