Description
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5.
Remediation
References
https://advisory.checkmarx.net/advisory/CX-2020-4302
https://www.npmjs.com/package/git-parse
Related Vulnerabilities
CVE-2021-40822 Vulnerability in maven package org.geoserver:gs-main
CVE-2018-21268 Vulnerability in npm package traceroute
CVE-2021-27515 Vulnerability in npm package url-parse
CVE-2023-5072 Vulnerability in maven package org.json:json
CVE-2023-26920 Vulnerability in maven package org.webjars.npm:fast-xml-parser