git-pull-or-clone@1.0.0 vulnerabilities

Ensure a git repo exists on disk and that it's up-to-date

  • latest version

    2.0.2

  • latest non-vulnerable version

  • first published

    7 years ago

  • latest version published

    2 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the git-pull-or-clone package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

    git-pull-or-clone is a package that ensures a git repo exists on disk and that it's up-to-date.

    Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to the --upload-pack feature of git, which is also supported for git clone. The source uses the secure child process API spawn(), which avoids shell interpretation. However, the outpath parameter passed to it may be interpreted as a command-line argument to the git clone command, which can result in arbitrary command injection.
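The pattern described above, as an added example that is not code from git-pull-or-clone or from this advisory: a naive argument builder beside a hardened one that rejects option-shaped values and inserts the `--` end-of-options marker. The function names, the sample URL and the placeholder value are assumptions made for illustration, and `optionsSeenByGit` is a simplified model of option parsing, not git's own parser.

```javascript
// Added illustration; not the source of git-pull-or-clone.
// Both builders return the argv array that would be handed to spawn('git', argv).

// Naive form (assumed shape of the vulnerable pattern): values are appended as-is.
function naiveCloneArgs(url, outPath) {
  return ['clone', url, outPath];
}

// Hardened form: reject option-shaped values, then add "--" so git stops
// parsing options before the positional arguments.
function safeCloneArgs(url, outPath) {
  for (const [name, value] of [['url', url], ['outPath', outPath]]) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
    if (value.startsWith('-')) {
      throw new Error(`${name} must not start with "-"`);
    }
    if (value.includes('\0')) {
      throw new Error(`${name} must not contain NUL bytes`);
    }
  }
  return ['clone', '--', url, outPath];
}

// Simplified model of option parsing: after the subcommand, any element that
// starts with "-" and appears before "--" is treated as an option.
function optionsSeenByGit(argv) {
  const options = [];
  for (const arg of argv.slice(1)) {
    if (arg === '--') break;
    if (arg.startsWith('-')) options.push(arg);
  }
  return options;
}

// Constructed sample input: an outPath shaped like an option, with an inert placeholder value.
const SAMPLE_URL = 'https://example.invalid/repo.git';
const OPTION_SHAPED = '--upload-pack=PLACEHOLDER';

function demo() {
  const naive = optionsSeenByGit(naiveCloneArgs(SAMPLE_URL, OPTION_SHAPED));
  let rejected = false;
  try { safeCloneArgs(SAMPLE_URL, OPTION_SHAPED); } catch (e) { rejected = true; }
  const safe = optionsSeenByGit(safeCloneArgs(SAMPLE_URL, './repo'));
  return { naive, rejected, safe };
}
console.log(demo());
```

spawn() keeps the value out of a shell, but git still parses every argv element, so the check has to happen before the array is built.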

    How to fix Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')?

    Upgrade git-pull-or-clone to version 2.0.2 or higher.

    <2.0.2