Description
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
Remediation
References
https://hackerone.com/reports/341710
Related Vulnerabilities
CVE-2021-23561 Vulnerability in npm package comb
CVE-2021-4279 Vulnerability in maven package org.webjars.bower:fast-json-patch
CVE-2023-29515 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2021-25642 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-resourcemanager
CVE-2007-5333 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core