All versions of package git-archive are vulnerable to Command Injection via the exports function.
git-archive project git-archive