git-commit-info@0.1.0 vulnerabilities

Get the info of an specific commit hash

latest version

2.0.2
latest non vulnerable version

2.0.2
first published

12 years ago
latest version published

10 months ago
licenses detected
- MIT
  >=0
View git-commit-info package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the git-commit-info package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Command Injection git-commit-info is a Get the info of an specific commit hash Affected versions of this package are vulnerable to Command Injection such that the package-exported method `gitCommitInfo ()` fails to sanitize its parameter `commit`, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content. How to fix Command Injection? Upgrade `git-commit-info` to version 2.0.2 or higher.	<2.0.2

Command Injection

git-commit-info is a Get the info of an specific commit hash

Affected versions of this package are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.

How to fix Command Injection?

Upgrade git-commit-info to version 2.0.2 or higher.

<2.0.2

Go back to all versions of this package

git-commit-info@0.1.0 vulnerabilities

Get the info of an specific commit hash

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities