npm · @graphql-tools/git-loader · CVE-2021-23326
**Name of the Vulnerable Software and Affected Versions**
@graphql-tools/git-loader versions prior to 6.2.6
**Description**
The package is vulnerable to arbitrary command injection because the `load-git.ts` file uses `exec` and `execSync`. This follows from the package's design and enables an attacker to inject malicious commands.
**Recommendations**
If you are running a version prior to 6.2.6, update to version 6.2.6 or later to resolve the issue. As a temporary workaround until a patch is applied, consider restricting access to the `load-git.ts` file or disabling the use of the `exec` and `execSync` functions.
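
The pattern named in the description, next to a hardened form, as an added example that is not code from @graphql-tools/git-loader. The function names, the `SAFE_REF` allowlist, the `echo` stand-in for the git binary and the sample ref are all assumptions made for illustration.

```javascript
// Added illustration; not code from @graphql-tools/git-loader.
const { execSync, execFileSync } = require('node:child_process');

// Assumption: `echo` stands in for the git binary so the example runs without
// a repository. It prints back the arguments it actually received.
const TOOL = 'echo';

// Constructed input: a "ref" value carrying shell metacharacters.
const HOSTILE_REF = 'main; echo INJECTED #';

// Vulnerable pattern: the whole string is handed to the shell, so
// metacharacters in `ref` or `path` are interpreted instead of passed through.
function showUnsafe(ref, path) {
  return execSync(`${TOOL} show ${ref}:${path}`, { encoding: 'utf8' });
}

// No shell involved: every array element reaches the program as one argv entry.
function showNoShell(ref, path) {
  return execFileSync(TOOL, ['show', `${ref}:${path}`], { encoding: 'utf8' });
}

// Conservative allowlist for ref names (hypothetical; adapt to your naming
// scheme). A leading "-" is refused so the value cannot be read as an option,
// which execFile on its own does not prevent.
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

// Hardened pattern: validate first, then call without a shell.
function showSafe(ref, path) {
  if (!SAFE_REF.test(ref)) {
    throw new Error(`rejected ref: ${JSON.stringify(ref)}`);
  }
  return showNoShell(ref, path);
}

// With a shell the input becomes two commands; without one it stays one argument.
console.log('shell   :', JSON.stringify(showUnsafe(HOSTILE_REF, 'schema.graphql')));
console.log('no shell:', JSON.stringify(showNoShell(HOSTILE_REF, 'schema.graphql')));
```

When auditing a code base for the same class of bug, search for `exec(` and `execSync(` calls whose command string is built by interpolation or concatenation.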