PT-2022-16654 · Unknown · Git-Promise

Liran Tal · Published 2022-06-10 · Updated 2023-08-08 · CVE-2022-24376

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: git-promise (all versions)
Description: The issue is related to Command Injection due to an inappropriate fix of a prior vulnerability in the git-promise package. The README file was updated with a warning regarding this issue. It is noted that the vulnerability will not be fixed.
Recommendations: As a permanent solution is not available, consider avoiding the use of the git-promise package until alternative solutions are found. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Argument Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-24376
GHSA-CHJ3-F7XW-367M

Affected Products

Git-Promise