CVE-2019-10776
N/A
N/A
Summary
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | git-diff-apply | All versions prior to version 0.22.2 | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5
- https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774%2C
References
- https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5
- https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774%2C
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.