Async-Git · CVE-2021-3190
Name of the Vulnerable Software and Affected Versions:
async-git versions prior to 1.13.2
Description:
The issue allows OS Command Injection via shell metacharacters, as demonstrated by `git.reset` and `git.tag`. This may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.
Recommendations:
For versions prior to 1.13.2, update async-git to version 1.13.2 to resolve the issue.
As a temporary workaround, consider sanitizing untrusted user input before passing it to one of the vulnerable functions, such as `git.reset` and `git.tag`.