We would like to report a potential security vulnerability in node-git-root.
The bug is introduced because the package-exported method `gitroot` fails to sanitize the parameter and lets it flow into a sensitive command execution API.
Here is the proof of concept.

```js
const gitroot = require('git-root');
gitroot(". && touch cmd"); // a file named cmd will be created
```

Please consider fixing it. Thanks!
xiaofen9 changed the title from "command injection vulnerability in node-git-root" to "Potential command injection vulnerability in node-git-root" on Mar 3, 2023
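The class of fix this report asks for, as an added example (not code from the issue or from node-git-root): the directory is passed as `cwd` to a shell-free `execFileSync` call instead of being pasted into a command string. The names `unsafeCommandFor` and `safeGitRoot`, and the concatenated command string itself, are assumptions, since the issue does not show the package's source.

```javascript
// Added example; helper names are hypothetical, not the package's API.
const { execFileSync } = require('node:child_process');
const fs = require('node:fs');
const path = require('node:path');

// Assumed vulnerable shape: caller input concatenated into a shell string.
// The string is returned, not executed, to show what a shell would be handed.
function unsafeCommandFor(dir) {
  return 'cd ' + dir + ' && git rev-parse --show-toplevel';
}

// Hardened form: no shell is involved, argv is fixed, and the caller's
// value is only ever used as the working directory of the child process.
function safeGitRoot(dir) {
  // Reject non-strings and embedded NUL bytes before touching the filesystem.
  if (typeof dir !== 'string' || dir.includes('\0')) return null;

  const cwd = path.resolve(dir);
  let stat;
  try {
    stat = fs.statSync(cwd);
  } catch {
    return null; // path does not exist
  }
  if (!stat.isDirectory()) return null;

  try {
    return execFileSync('git', ['rev-parse', '--show-toplevel'], {
      cwd,                                  // directory is data, never command text
      encoding: 'utf8',
      stdio: ['ignore', 'pipe', 'ignore'],  // capture stdout only
      timeout: 5000,
    }).trim();
  } catch {
    return null; // not a repository, or git is not installed
  }
}
```

With the input from the report, `unsafeCommandFor` yields a string in which a shell sees three separate commands, while `safeGitRoot` treats the same value as a single directory name and returns `null` because no such directory exists.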