
Paul-Emmanuel Raoul

#14084 of 53,633
19.1 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2022-9420
9.8
2022-03-17
Git · Git · CVE-2021-23632
**Name of the Vulnerable Software and Affected Versions**
git versions prior to a fixed version

**Description**
The issue is related to Remote Code Execution (RCE) due to missing sanitization in the `Git.git` method, allowing execution of OS commands rather than just git commands. This can be exploited by providing malicious input to the `repo.git` function, which can lead to the execution of arbitrary OS commands. The estimated number of potentially affected devices is not specified.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2021-15548
9.3
2021-11-22
Unknown · Docker-Cli-Js · CVE-2021-23732
**Name of the Vulnerable Software and Affected Versions**
docker-cli-js, all versions

**Description**
The issue affects the `Docker.command` method in the docker-cli-js package. If a user can partially control the `command` parameter of this method, they can execute arbitrary OS commands on the host system.

**Recommendations**
All versions are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.