cve/CVE-2018-25083.md at ba3442246e7a77bf0390b3141c9cc692f0e8edea - cve - 临风笛

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

605 B

Raw Blame History

CVE-2018-25083

Description

The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.

POC

Reference

https://security.snyk.io/vuln/npm:pullit:20180214

Github

No PoCs found on GitHub currently.