Description
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
Remediation
References
https://hackerone.com/reports/341710
Related Vulnerabilities
CVE-2022-39230 Vulnerability in npm package fhir-works-on-aws-authz-smart
CVE-2023-49447 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-36127 Vulnerability in npm package skywalking-backend-js
CVE-2023-22578 Vulnerability in npm package @sequelize/core
CVE-2023-29210 Vulnerability in maven package org.xwiki.platform:xwiki-platform-notifications-ui