2020-02-28 20:42:09
snyk
PUBLISHED
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation.