git-commit-info@0.2.0 vulnerabilities

Get the info of a specific commit hash

Direct Vulnerabilities

Known vulnerabilities in the git-commit-info package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Command Injection (severity: C)

git-commit-info is a package that gets the info of a specific commit hash.

Affected versions of this package are vulnerable to Command Injection: the package-exported method gitCommitInfo() fails to sanitize its commit parameter, which later flows into a sensitive command execution API. As a result, an attacker who controls the hash content may inject malicious commands.

How to fix Command Injection?

Upgrade git-commit-info to version 2.0.2 or higher.

Vulnerable versions: <2.0.2
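
For code that passes a caller-supplied commit hash to git, as the advisory above describes, the following added example (not the package's own code or its actual fix) validates the hash and runs git without a shell. The function names, the format string and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: a hypothetical hardened wrapper, not git-commit-info's code.
const { execFileSync } = require('node:child_process');

// Abbreviated or full object name: 7-40 hex chars (SHA-1), up to 64 (SHA-256).
const COMMIT_HASH = /^[0-9a-f]{7,64}$/i;

// Accept only real strings: an array such as ['3f2a9c1'] would otherwise be
// coerced to a string by RegExp.prototype.test and slip through.
function isCommitHash(value) {
  return typeof value === 'string' && COMMIT_HASH.test(value);
}

// Build the argument vector; throws before anything is executed.
function gitShowArgs(commit) {
  if (!isCommitHash(commit)) {
    throw new TypeError('commit must be a 7-64 character hexadecimal hash');
  }
  // Trailing "--" marks the end of revisions, so the value is never a path.
  return ['show', '-s', '--format=%H%n%an%n%s', commit, '--'];
}

// execFileSync passes the vector straight to git: no shell parses the value.
function commitInfo(commit, cwd = process.cwd()) {
  const out = execFileSync('git', gitShowArgs(commit), { cwd, encoding: 'utf8' });
  const [hash, author, subject] = out.trimEnd().split('\n');
  return { hash, author, subject };
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  '3f2a9c1',
  '3F2A9C1D5E6F708192A3B4C5D6E7F8091A2B3C4D',
  '3f2a9c1; echo injected',
  '$(echo injected)',
  '--output=report.txt',
  '3f2a9c1\n',
  ['3f2a9c1'],
];

// Only the two well-formed hashes survive validation.
function acceptedSamples() {
  return SAMPLES.filter(isCommitHash);
}

console.log(acceptedSamples());
```

The type check and the anchored pattern together reject shell metacharacters, option-like values beginning with a dash, trailing newlines and non-string inputs before git is ever started.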