Headline
CVE-2020-28434: Snyk Vulnerability Database | Snyk
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications
snyk-id
SNYK-JS-GITBLAME-1050430
published
26 Jan 2021
disclosed
26 Jan 2021
credit
JHU System Security Lab
How to fix?
There is no fixed version for gitblame.
Overview
gitblame is a package that uses git blame to find out who modified a file.
Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 15 in lib/gitblame.js.
PoC
var a =require("gitblame");
a("& touch JHU",function(){})Related news
A command injection vulnerability affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.