Description
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.
Remediation
References
https://github.com/gregof/fsa/blob/master/lib/rep.js#L12
https://snyk.io/vuln/SNYK-JS-FSA-564118
Related Vulnerabilities
CVE-2023-37958 Vulnerability in maven package org.jenkins-ci.plugins:sumologic-publisher
CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport-native-unix-common-tests
CVE-2022-28366 Vulnerability in maven package net.sourceforge.htmlunit:neko-htmlunit
CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-24819 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates