CVE-2021-44684

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS

Description

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.

dwisiswant0/advisory
dwisiswant0/advisory
My advisories (backlog)
GitHubGitHub
7
naholyr/github-todos
naholyr/github-todos
Git hook to convert your TODOs into Github issues
GitHubGitHub
1.28K