npm

Severity: high

Command Injection

fs-git

Overview

Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution.

Remediation

Update to version 1.0.2 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Aug 29th, 2017
  2. reported

    Initial report by micaksica
    May 30th, 2017