npm package
async-git
pkg:npm/async-git
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28490 | — | < 1.13.2 | 1.13.2 | Feb 18, 2021 | The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb') | ||
| CVE-2021-3190 | — | < 1.13.2 | 1.13.2 | Jan 21, 2021 | The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. |
- CVE-2020-28490Feb 18, 2021affected < 1.13.2fixed 1.13.2
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
- CVE-2021-3190Jan 21, 2021affected < 1.13.2fixed 1.13.2
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.