Arbitrary Command Execution Vulnerability in Giting Version Prior to 0.0.8

CVE-2019-10802 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

giting versions prior to 0.0.8 allow execution of arbitrary commands. The first argument, "repo", of the function "pull()" is executed by the package without any validation.
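The class of bug described above, shown beside a hardened form, as an added Node.js example (not giting's own code, which this page does not show). The `git pull` command line, all function names and the allow-list pattern are assumptions made for illustration.

```javascript
// Added illustration; not giting's source. Every name here is hypothetical.
const { execFile } = require("node:child_process");

// Unsafe pattern: the caller's value is pasted into a string that a shell
// will parse (as with child_process.exec), so metacharacters stay live.
function buildShellCommandUnsafe(repo) {
  return "git pull " + repo;
}

// Assumed allow-list for a remote name or URL: must start with an
// alphanumeric (so it can never look like an option) and may contain only
// characters that appear in ordinary remotes such as
// "origin", "https://host/org/repo.git" or "git@host:org/repo.git".
const SAFE_REPO = /^[A-Za-z0-9][A-Za-z0-9._\/:@-]*$/;

function validateRepo(repo) {
  if (typeof repo !== "string" || repo.length === 0 || repo.length > 2048) {
    throw new TypeError("repo must be a non-empty string of sane length");
  }
  if (!SAFE_REPO.test(repo)) {
    throw new Error("repo contains characters outside the allow-list");
  }
  return repo;
}

// Hardened form: arguments travel as an array, never as shell text, and
// "--" tells git that everything after it is a positional argument.
function buildPullArgv(repo) {
  return ["pull", "--", validateRepo(repo)];
}

// execFile() starts git directly without a shell, so the validated value
// reaches git as exactly one argv element.
function pullSafe(repo, cwd, callback) {
  return execFile("git", buildPullArgv(repo), { cwd, shell: false }, callback);
}

// Constructed sample inputs, for demonstration only.
for (const sample of ["origin", "git@example.com:org/repo.git", "origin; echo injected"]) {
  try {
    console.log("accepted:", buildPullArgv(sample));
  } catch (err) {
    console.log("rejected:", JSON.stringify(sample), "-", err.message);
  }
}
```

Validation and the argv array are independent layers: the array keeps a shell out of the path, and the allow-list keeps the value from being read by git as an option.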
