Filtered by vendor Git-commit-info Project Subscriptions
Filtered by product Git-commit-info Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-26134 1 Git-commit-info Project 1 Git-commit-info 2024-11-27 9.8 Critical
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.