PT-2025-39374 · Unknown · Git-Commiters

Published 2025-09-21 · Updated 2025-10-16 · CVE-2025-59831

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

git-commiters versions prior to 0.1.2

Description

git-commiters is a Node.js function module used to provide committer statistics for a git repository. A command injection issue exists due to insufficient input sanitization and insecure process execution. The primary API, gitCommiters(options, callback), is affected, specifically when utilizing the cwd (current working directory) and revisionRange options. User-supplied input is concatenated into command execution without proper separation of commands and arguments, potentially allowing for arbitrary command execution.

Recommendations

Update git-commiters to version 0.1.2 or later.
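
The weakness class from the description, next to a hardened form, as an added example: this is not the git-commiters source and not the 0.1.2 patch. All function names (buildShellCommandUnsafe, buildGitArgs, countAuthors, listCommitters) and the exact git arguments are assumptions made for illustration.

```javascript
// Added illustration; function names are hypothetical, not git-commiters' code.

// Weak pattern from the description: options concatenated into one shell
// string. Shown as a string builder only; nothing here executes it.
function buildShellCommandUnsafe(opts) {
  return 'cd ' + opts.cwd + ' && git log ' + opts.revisionRange + ' --pretty=%an';
}

// Hardened form, step 1: the range must look like a revision expression and
// must not start with '-', so git cannot read it as an option.
function buildGitArgs(opts) {
  const range = opts.revisionRange === undefined ? 'HEAD' : String(opts.revisionRange);
  if (range.startsWith('-') || !/^[\w.\/^~@{}-]+$/.test(range)) {
    throw new TypeError('revisionRange is not a plain revision expression');
  }
  // Each element is one argv entry; --end-of-options needs git 2.24 or later.
  return ['log', '--pretty=%an', '--end-of-options', range, '--'];
}

// Tally author names from `git log --pretty=%an` output, most commits first.
function countAuthors(stdout) {
  const counts = new Map();
  for (const name of stdout.split('\n')) {
    if (name !== '') counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].map(([name, commits]) => ({ name, commits }))
    .sort((a, b) => b.commits - a.commits);
}

// Hardened form, step 2: execFile starts git directly with an argument array
// and takes cwd as a spawn option, so no shell ever parses either value.
function listCommitters(opts, callback) {
  const { execFile } = require('node:child_process');
  if (typeof opts.cwd !== 'string' || opts.cwd === '') {
    return callback(new TypeError('cwd must be a non-empty string'));
  }
  let args;
  try { args = buildGitArgs(opts); } catch (err) { return callback(err); }
  execFile('git', args, { cwd: opts.cwd }, (err, stdout) =>
    err ? callback(err) : callback(null, countAuthors(stdout)));
}
```

In the hardened form a value containing shell metacharacters is rejected before git is started, and even a value that passed validation would reach git as a single argument rather than as shell text.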

Exploit

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00173
CVE-2025-59831
GHSA-G38C-WXJF-XRH6

Affected Products

Git-Commiters