Description
A command injection vulnerability in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter.
Remediation
References
https://hackerone.com/reports/341710