push-dir up to and including 0.4.1 allows execution of arbitrary commands. Arguments provided in the variable "opt.branch" are not validated before being passed to the "git" command at "index.js#L139". A malicious user could abuse this to inject arbitrary commands.
Vulnerable Product |
---|
push-dir project push-dir |
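One way to close this class of bug, shown as an added example that is not push-dir's code or its actual fix: allow-list the branch value and hand it to git as a single argv element instead of building a shell string. The helper names, the sample inputs and the `rev-parse` subcommand are assumptions for illustration; the page does not show the command run at index.js#L139.

```javascript
// Added example, not push-dir code: validate a caller-supplied branch name,
// then pass it to git through an argv array so no shell ever parses it.

// Conservative allow-list, a subset of what `git check-ref-format` accepts.
// The first character must be alphanumeric, which also rejects a leading "-"
// that git would otherwise read as an option.
const SAFE_BRANCH = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,254}$/;

function isSafeBranch(name) {
  if (typeof name !== "string" || !SAFE_BRANCH.test(name)) return false;
  // Git ref rules that the character class alone does not enforce.
  if (name.includes("..") || name.includes("//")) return false;
  if (name.endsWith("/") || name.endsWith(".")) return false;
  return !name
    .split("/")
    .some((part) => part.startsWith(".") || part.endsWith(".lock"));
}

// Hypothetical helper: builds the argument vector for one git call.
// The subcommand is an assumption chosen for the example.
function gitBranchArgs(branch) {
  if (!isSafeBranch(branch)) {
    throw new Error("invalid branch name: " + JSON.stringify(branch));
  }
  return ["rev-parse", "--verify", "--quiet", "refs/heads/" + branch];
}

// Hypothetical caller: execFileSync runs git directly, without a shell.
// child_process is loaded here so the validator has no dependencies.
function resolveBranch(branch, cwd) {
  const { execFileSync } = require("node:child_process");
  const out = execFileSync("git", gitBranchArgs(branch), { cwd, encoding: "utf8" });
  return out.trim();
}

// Constructed sample values standing in for opt.branch.
const SAMPLES = ["gh-pages", "release/1.2", "-D", "gh-pages; echo x", "a..b", "topic.lock"];

function classify(names) {
  return names.map((n) => [n, isSafeBranch(n)]);
}
```

Validation and the argv form address different failures: the allow-list rejects option-like and malformed names, while avoiding the shell means metacharacters in any value that does get through are never interpreted.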