Homepage
About Snyk

gfc@2.0.2 vulnerabilities

Simple way to initialize a new git repository in an empty directory, add a file and do a first commit (or skip that part in a directory with files). Useful for unit tests and generators.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the gfc package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Command Injection

gfc is a Simple way to initialize a new git repository in an empty directory, add a file and do a first commit (or skip that part in a directory with files). Useful for unit tests and generators.

Affected versions of this package are vulnerable to Command Injection via the options argument which is used to build the command that is passed to the child_process.exec function without any sanitization.

POC

const firstCommit = require('gfc');
const options = {message: '""; touch HACKED;'};
firstCommit('.', options, function(err) {});

How to fix Command Injection?

There is no fixed version for gfc.

*
Go back to all versions of this package