CVE-2022-24376

Summary

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.

Affected Software

VendorProductVersion RangeStatus
n/agit-promise0 < unspecifiedaffected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References