All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
git-clone project git-clone