PT-2020-21555 · Unknown · Wizard-Syncronizer

Published 2020-09-11 · Updated 2020-09-11

Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: wizard-syncronizer, all versions

Description: The issue is a command injection. It arises because the cloneAndSync function does not validate its input and concatenates it into an exec call. It can be exploited through a malicious widget carrying a payload in the gitURL value, or via a Man-In-The-Middle (MITM) attack, since the package does not enforce HTTPS. Either path could allow attackers to execute arbitrary system commands.

Recommendations: For all versions, consider using an alternative module until a fix is made available.

XSS


Weakness Enumeration

Related Identifiers

GHSA-WGW3-GF4P-62XC

Affected Products

Wizard-Syncronizer