CVE-2020-28490 – The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-cha …

Vuln ID: CVE-2020-28490

Published:  2021-02-18  15:15:13Z

Description: The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset(‘atouch HACKEDb’)

Source: NVD.NIST.GOV