VYPR

npm package

@graphql-tools/git-loader

pkg:npm/%40graphql-tools/git-loader

Vulnerabilities (1)

  • CVE-2021-23326Jan 20, 2021
    affected < 6.2.6fixed 6.2.6

    This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.