Description
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
Remediation
References
https://gist.github.com/lirantal/9441f3a1212728476f7a6caa4acb2ccc
https://snyk.io/vuln/SNYK-JS-GITCLONE-2434308
Related Vulnerabilities
CVE-2022-22885 Vulnerability in maven package cn.hutool:hutool-http
CVE-2022-45206 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2022-45401 Vulnerability in maven package org.jenkinsci.plugins:associated-files
CVE-2020-7637 Vulnerability in maven package org.webjars.npm:class-transformer
CVE-2021-28100 Vulnerability in maven package com.netflix.priam:priam