You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
pullit vulnerable to command injection
High severity
GitHub Reviewed
Published
Sep 3, 2020
to the GitHub Advisory Database
•
Updated Mar 28, 2023
Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Versions of
pullitprior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.Recommendation
Upgrade to version 1.4.0 or later.
Credits
This vulnerability was discovered by @lirantal
References