The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| git-parse(npm) | 0 | 1.0.5 | N/A |
CVSS Metrics
