naholyr github-todos <= 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
CVE ID: CVE-2021-44684
This issue may lead to arbitrary command execution.
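The pattern the report describes (an argument concatenated into a string for `exec`) beside a hardened form, as an added example that is not github-todos code. It assumes Node.js; the `git diff` command, the function names and the allow-list are assumptions, and the sample inputs in the comments are constructed.

```javascript
const { execFile } = require("node:child_process");

// The reported pattern: the argument is concatenated into a string that
// exec() hands to a shell, so any shell metacharacters in `range` become
// part of the command line. Built as a string only; never executed here.
function unsafeCommand(range) {
  return "git diff " + range; // hypothetical command, not the project's
}

// One revision: must start with an alphanumeric, so it can never be parsed
// by git as an option, and may contain only ref-name characters.
const REV = /^[A-Za-z0-9][A-Za-z0-9._\/~^-]*$/;

function isSafeRev(rev) {
  return rev.length <= 255 && REV.test(rev) && !rev.includes("..");
}

// Accepts "<rev>", "<rev>..<rev>" or "<rev>...<rev>" (for example the
// constructed input "HEAD~2..HEAD") and returns an argv array, or throws.
function buildDiffArgs(range) {
  if (typeof range !== "string") throw new TypeError("range must be a string");
  const m = /^(.+?)(\.{2,3})(.+)$/.exec(range);
  const revs = m ? [m[1], m[3]] : [range];
  if (!revs.every(isSafeRev)) throw new Error("rejected revision range");
  // The trailing "--" tells git that no further revisions or options follow.
  return ["diff", range, "--"];
}

// execFile passes the argv array straight to git with no shell in between,
// so the range stays one argument whatever it contains.
function runDiff(range, callback) {
  execFile("git", buildDiffArgs(range), { maxBuffer: 16 * 1024 * 1024 }, callback);
}
```

Validation and `execFile` cover different things: the argv form removes the shell, while the allow-list also stops a value beginning with `-` from reaching git as an option.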
It seems like it's been 120 days. Has this disclosure not received a response from the vendor yet? Please make a decision in the next 2 days.
CVE requested.
dwisiswant0