CVE-2020-28490 – Command Injection
https://notcve.org/view.php?id=CVE-2020-28490
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
• https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d
• https://github.com/omrilotan/async-git/pull/14
• https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-3190
https://notcve.org/view.php?id=CVE-2021-3190
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
• https://advisory.checkmarx.net/advisory/CX-2021-4772
• https://github.com/omrilotan/async-git/pull/13
• https://github.com/omrilotan/async-git/pull/13/commits/611823bd97dd41e9e8127c38066868ff9dcfa57a
• https://github.com/omrilotan/async-git/pull/13/commits/a5f45f58941006c4cc1699609383b533d9b92c6a
• https://github.com/omrilotan/async-git/pull/14
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')