npm package
pullit
pkg:npm/pullit
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-25083 | — | < 1.4.0 | 1.4.0 | Mar 27, 2023 | The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. |
- CVE-2018-25083Mar 27, 2023affected < 1.4.0fixed 1.4.0
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.