Homepage
About Snyk

blamer@1.0.3 vulnerabilities

blamer is a tool for getting information about author of code from version control system

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the blamer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Arbitrary Argument Injection

blamer is a tool for get information about author of code from version control system. Supports git and subversion.

Affected versions of this package are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

How to fix Arbitrary Argument Injection?

Upgrade blamer to version 1.0.4 or higher.

<1.0.4
Go back to all versions of this package