You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
naholyr github-todos <= 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
Description
naholyr github-todos <= 3.1.0 is vulnerable to command injection. The range argument for the
_hook
subcommand is concatenated without any validation, and is directly used by the exec function.CVE ID: CVE-2021-44684
Proof-of-Concept
Impact
This issue may lead to arbitrary command execution.
References
The text was updated successfully, but these errors were encountered: