git-big-picture@0.10.1 vulnerabilities

Git — the big picture

Direct Vulnerabilities

Known vulnerabilities in the git-big-picture package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Arbitrary Code Execution

git-big-picture is a visualization tool for Git repositories. You can think of it as a filter that removes uninteresting commits from a DAG modelling a Git repository and thereby exposes the big picture: for example the hierarchy of tags and branches. git-big-picture supports convenience output options and can filter different classes of commits. It uses the Graphviz utility to render images that are pleasing to the eye.

Affected versions of this package are vulnerable to Arbitrary Code Execution. Vulnerable versions mishandle single quote characters in a branch name, leading to code execution.

How to fix Arbitrary Code Execution?

Upgrade git-big-picture to version 1.0.0 or higher.

Vulnerable versions: [,1.0.0)
  • H
Remote Code Execution (RCE)

Affected versions of this package are vulnerable to Remote Code Execution (RCE). Vulnerable versions mishandle ' characters in a branch name, leading to code execution.

How to fix Remote Code Execution (RCE)?

Upgrade git-big-picture to version 1.0.0 or higher.

Vulnerable versions: [,1.0.0)