High severityGHSA Advisory· Published May 29, 2019· Updated Jan 23, 2026
Duplicate Advisory: Command Injection in fs-git
CVE-2017-16087
Description
Duplicate
Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references.
Original
Description Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution.
Recommendation
Update to version 1.0.2 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fs-gitnpm | < 1.0.2 | 1.0.2 |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.