fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://nodesecurity.io/advisories/360 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-02T17:00:00
Updated: 2024-08-05T22:00:41.567Z
Reserved: 2018-01-02T00:00:00
Link: CVE-2017-1000451
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-02T17:29:00.557
Modified: 2024-11-21T03:04:45.597
Link: CVE-2017-1000451
Redhat
No data.