PT-2021-24432 · Npm · Npmcli/Git

Published 2021-08-05 · Updated 2021-08-05


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: npmcli/git versions prior to 2.0.8
Description: A command injection vulnerability caused by improper sanitization of arguments when Git commands are executed with user-controlled input. Because the arguments reach a shell, this may result in arbitrary shell command execution. The impact is possible arbitrary command injection when npmcli/git is run with untrusted Git command arguments. For example, passing git+https://github.com/npm/git; echo hello world would cause the shell to execute echo hello world.
Recommendations: For versions prior to 2.0.8, update to release 2.0.8 to resolve the issue. As a temporary workaround, avoid passing user-controlled input as Git command arguments until the update is applied.

Weakness Enumeration

OS Command Injection

Related Identifiers

GHSA-HXWM-X553-X359

Affected Products

Npmcli/Git