Severity: high

Command Injection

fs-git

Overview

Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution.

Remediation

Update to version 1.0.2 or later.

Resources

Advisory timeline

  1. published

    Advisory published
    Aug 29th, 2017
  2. reported

    May 30th, 2017