Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade @finos/git-proxy to version 1.19.2 or higher.
@finos/git-proxy is a package for deploying custom push protections and policies on top of Git.
Affected versions of this package are vulnerable to Information Exposure due to a lack of checking for hidden commits. An attacker can access sensitive repository data by injecting additional commits that are not referenced by any branch, allowing retrieval of confidential information through direct commit URLs.
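
A defender-side check for the condition described above, as an added example that is not taken from the advisory or from git-proxy's own code: it flags commits that arrive in a pushed pack but cannot be reached from any ref the push updates. The function names and object ids are hypothetical, and the list of commits in the pack is assumed to have been extracted already.

```javascript
// Added example (not git-proxy code): flag commits in a pushed pack that no
// updated ref can reach. All object ids below are constructed sample values.

/**
 * @param {Map<string, string[]>} packCommits commit id -> parent ids, for
 *        every commit object found in the received pack (assumed input)
 * @param {string[]} newTips commit ids the push asks refs to point at
 * @returns {string[]} commits present in the pack but unreachable from newTips
 */
function findHiddenCommits(packCommits, newTips) {
  const reachable = new Set();
  const stack = [...newTips];
  while (stack.length > 0) {
    const id = stack.pop();
    // Parents missing from the pack already exist on the server; stop there.
    if (reachable.has(id) || !packCommits.has(id)) continue;
    reachable.add(id);
    stack.push(...packCommits.get(id));
  }
  return [...packCommits.keys()].filter((id) => !reachable.has(id)).sort();
}

// Policy decision for one push: reject when the pack carries extra commits.
function reviewPush(packCommits, newTips) {
  const hidden = findHiddenCommits(packCommits, newTips);
  return hidden.length === 0
    ? { allow: true, hidden }
    : { allow: false, hidden, reason: "pack contains unreferenced commits" };
}

// Constructed push: refs/heads/feature moves to c3 (c3 -> c2 -> base).
// x1 and x2 are also in the pack, but no ref update leads to them.
const samplePack = new Map([
  ["c2", ["base"]],
  ["c3", ["c2"]],
  ["x1", ["base"]],
  ["x2", ["x1"]],
]);
const sampleTips = ["c3"];

console.log(reviewPush(samplePack, sampleTips));
```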