git-promise@0.1.0 vulnerabilities

Simple wrapper to run any git command and process it's output using promises.

Direct Vulnerabilities

Known vulnerabilities in the git-promise package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Command Injection

git-promise is a Simple wrapper that allows you to run any git command using a more intuitive syntax.

Affected versions of this package are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.

How to fix Command Injection?

There is no fixed version for git-promise.

*
  • H
Remote Code Execution (RCE)

git-promise is a Simple wrapper that allows you to run any git command using a more intuitive syntax.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). The issue occurs because a user input is formatted inside a command that will be executed without any check.

How to fix Remote Code Execution (RCE)?

Upgrade git-promise to version 1.0.0 or higher.

<1.0.0