This affects the package @graphql-tools/git-loader prior to 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.
Vulnerable Product |
---|
the-guild graphql-tools |
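
The `exec`/`execSync` pattern the advisory names, next to a shell-free alternative. This is an added example, not code from graphql-tools: the helper names `buildGitShowArgs` and `readFileFromGit`, the `SAFE_REF` allowlist and the `git show ref:path` invocation are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names; not code from graphql-tools.
const { execFileSync } = require('node:child_process');

// Vulnerable pattern (shown for contrast, not executed here): interpolating
// caller-controlled values into a string that exec/execSync hands to a shell.
//   execSync(`git show ${ref}:${path}`)
// The shell parses the whole string, so metacharacters in ref or path are
// interpreted as shell syntax instead of being passed to git as data.

// Conservative allowlist for ref names (constructed for this example).
// A ref must start with an alphanumeric, so it can never look like an option.
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

function buildGitShowArgs(ref, path) {
  if (typeof ref !== 'string' || !SAFE_REF.test(ref) || ref.includes('..')) {
    throw new Error('rejected ref');
  }
  if (typeof path !== 'string' || path === '' || path.includes('\0')) {
    throw new Error('rejected path');
  }
  // One argv element: git receives it verbatim, whatever characters it holds.
  return ['show', `${ref}:${path}`];
}

function readFileFromGit(ref, path, cwd = process.cwd()) {
  // execFileSync spawns git directly (no shell by default), so the
  // arguments are never parsed as shell syntax.
  return execFileSync('git', buildGitShowArgs(ref, path), {
    cwd,
    encoding: 'utf8',
    maxBuffer: 10 * 1024 * 1024,
  });
}
```

The allowlist is still needed with `execFileSync`: it stops a value beginning with `-` from being read by git as an option, which the absence of a shell does not prevent.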