Potential command injection vulnerability in node-git-root #2

@xiaofen9

Description

Hi,

We would like to report a potential security vulnerability in node-git-root.
The bug is introduced because the package-exported method gitroot fails to sanitize its parameter and lets it flow into a sensitive command execution API.

Here is the proof of concept.

const gitroot = require('git-root');
gitroot(". && touch cmd"); // a file named cmd will be created

Please consider fixing it. Thanks!
