Name of the Vulnerable Software and Affected Versions npm-git-publish versions (affected versions not specified)

Description The issue concerns a command injection problem where input is not properly sanitized and is directly passed to an execSync call, potentially allowing attackers to execute arbitrary code on the system. The publish function is vulnerable through the gitRemoteUrl variable.

Recommendations Consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting the use of the publish function or sanitizing the input for the gitRemoteUrl variable to minimize the risk of exploitation.