Description
push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.
Remediation
References
https://snyk.io/vuln/SNYK-JS-PUSHDIR-559009
https://github.com/L33T-KR3W/push-dir/blob/master/index.js#L139
Related Vulnerabilities
CVE-2021-23341 Vulnerability in maven package org.webjars.npm:prismjs
CVE-2017-16122 Vulnerability in npm package cuciuci
CVE-2023-37950 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2022-2390 Vulnerability in maven package com.google.android.gms:play-services-basement