Impact
This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.
Patches
Patched by version 2.0.0. Previous releases are deprecated in npm.
Workarounds
Make sure to escape git commit messages when using the commitMessage option for the update function.
Impact
This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.
Patches
Patched by version 2.0.0. Previous releases are deprecated in npm.
Workarounds
Make sure to escape git commit messages when using the commitMessage option for the update function.