Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to missing sanitisation in the
Git.git method, which allows execution of OS commands rather than just Git commands.
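A mitigation pattern for this class of bug, as an added example that is not the affected package's code: validate the subcommand and options against an allowlist, then start git without a shell. The names buildGitArgv, runGit, rejected and the ALLOWED policy are hypothetical.

```javascript
"use strict";
const { execFileSync } = require("node:child_process");

// Hypothetical policy: the only subcommands this wrapper will run, each with
// the flags it accepts. Anything else is rejected before a process starts.
const ALLOWED = new Map([
  ["status", new Set(["--short", "--porcelain"])],
  ["log", new Set(["--oneline", "-n"])],
  ["rev-parse", new Set(["--abbrev-ref", "--verify"])],
]);

// Validate the request and return the argv for the git binary, or throw.
function buildGitArgv(subcommand, args = []) {
  if (typeof subcommand !== "string" || !ALLOWED.has(subcommand)) {
    throw new Error(`git subcommand not allowed: ${String(subcommand)}`);
  }
  const flags = ALLOWED.get(subcommand);
  for (const arg of args) {
    if (typeof arg !== "string" || arg.includes("\0")) {
      throw new Error("arguments must be strings without NUL bytes");
    }
    // An operand starting with "-" would be parsed by git as an option.
    if (arg.startsWith("-") && !flags.has(arg)) {
      throw new Error(`git option not allowed: ${arg}`);
    }
  }
  return [subcommand, ...args];
}

// Run git without a shell: each argv element reaches git as one argument,
// so ";", "|", "&&" and "$(...)" are never interpreted as shell syntax.
function runGit(repoDir, subcommand, args = []) {
  const argv = buildGitArgv(subcommand, args);
  return execFileSync("git", argv, { cwd: repoDir, encoding: "utf8", shell: false });
}

// Helper for checking the policy against constructed inputs.
function rejected(subcommand, args) {
  try {
    buildGitArgv(subcommand, args);
    return false;
  } catch (err) {
    return true;
  }
}
```
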
Steps to Reproduce
Create a file named exploit.js with the following content:
var Git = require("git").Git;