CVE-2018-25083

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-25083

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25083.json

Aliases

GHSA-8px5-63x9-5c7p

Published

2023-03-27T03:15:07Z

Modified

2023-11-08T04:00:16.322767Z

Details

The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.

References

Affected packages

Git / github.com/jkup/pullit

Affected ranges

Type: GIT
Repo: https://github.com/jkup/pullit
Events: Introduced

0The exact introduced commit is unknown

Fixed

4fec455774ee08f4dce0ef2ef934ffcc37219bfb