naholyr/github-todos

Releases16

Frequency1 week 1 day

Last Release about 11 years ago

Stars1.28K

Git hook to convert your TODOs into Github issues

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-44684 ↗	Dec 7, 2021Tuesday, 7 December 2021, 00:15	9.8 CRITICAL	7.5 HIGH
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.