High severity · NVD Advisory · Published Mar 27, 2023 · Updated Feb 24, 2025
CVE-2018-25083
Description
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pullit (npm) | < 1.4.0 | 1.4.0 |
Affected products
- pullit/pullit (description)
References
- github.com/advisories/GHSA-8px5-63x9-5c7p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-25083 (ghsa, ADVISORY)
- github.com/jkup/pullit/commit/4fec455774ee08f4dce0ef2ef934ffcc37219bfb (ghsa, WEB)
- github.com/jkup/pullit/issues/23 (ghsa, WEB)
- hackerone.com/reports/315773 (ghsa, WEB)
- security.snyk.io/vuln/npm:pullit:20180214 (ghsa, WEB)