The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.
References
Link | Resource |
---|---|
https://github.com/jkup/pullit/commit/4fec455774ee08f4dce0ef2ef934ffcc37219bfb | Patch |
https://security.snyk.io/vuln/npm:pullit:20180214 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2023-03-27 03:15
Updated : 2024-02-28 20:13
NVD link : CVE-2018-25083
Mitre link : CVE-2018-25083
CVE.ORG link : CVE-2018-25083
JSON object : View
Products Affected
pull_it_project
- pull_it
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')