VYPR
High severityGHSA Advisory· Published May 29, 2019· Updated Jan 23, 2026

Duplicate Advisory: Command Injection in fs-git

CVE-2017-16087

Description

Duplicate

Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references.

Original

Description Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution.

Recommendation

Update to version 1.0.2 or later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
fs-gitnpm
< 1.0.21.0.2

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.