Npm · Degit · CVE-2026-11572
**Name of the Vulnerable Software and Affected Versions**
degit versions prior to 2.8.6
degit versions 3.0.0 through 3.3.0
**Description**
Command injection occurs because user input used in git shell commands is not properly sanitized. The `cloneWithGit()` and `fetchRefs()` functions build these commands as strings and run them with the `exec()` method, so the input is interpreted by a shell. An attacker can execute arbitrary operating system commands as the process user by supplying a specially crafted git repository name. This primarily affects template generators, project bootstrappers, and CI pipelines that process untrusted repository identifiers.
**Recommendations**
Update to version 2.8.6 for versions prior to 2.8.6.
Update to version 3.3.1 for versions 3.0.0 through 3.3.0.