Description
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary commands.
Remediation
References
https://github.com/gregof/fsa/blob/master/lib/rep.js#L12
https://snyk.io/vuln/SNYK-JS-FSA-564118
Related Vulnerabilities
CVE-2020-7677 Vulnerability in maven package org.webjars.npm:thenify
CVE-2021-43138 Vulnerability in maven package org.webjars.bower:async
CVE-2022-48285 Vulnerability in maven package org.webjars:jszip
CVE-2020-7712 Vulnerability in npm package json
CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-core-client