Description
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
Remediation
References
https://hackerone.com/reports/341710
Related Vulnerabilities
CVE-2020-35209 Vulnerability in maven package io.atomix:atomix
CVE-2023-35925 Vulnerability in maven package com.fastasyncworldedit:fastasyncworldedit-core
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-dist
CVE-2020-28423 Vulnerability in npm package monorepo-build
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration