Skip to content

Commit

Permalink
fix: fix command injection vector
Browse files Browse the repository at this point in the history
  • Loading branch information
lirantal committed Apr 6, 2022
1 parent 4f8b9ba commit f9ce092
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion index.js
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ function gitPullOrClone (url, outPath, opts, cb) {
function gitClone () {
// --depth implies --single-branch
const flag = depth < Infinity ? '--depth=' + depth : '--single-branch'
const args = ['clone', flag, url, outPath]
const args = ['clone', flag, '--', url, outPath]
debug('git ' + args.join(' '))
spawn('git', args, {}, function (err) {
if (err) err.message += ' (git clone) (' + url + ')'
Expand Down

0 comments on commit f9ce092

Please # to comment.