CVE-2019-10803

Summary

push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
n/apush-dirAll versions including 0.4.1affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References