git-commiters is a Node.js function module that provides committer stats for a git repository. Versions prior to 0.1.2 contain a command injection vulnerability. It is reachable through the library's primary exported API, gitCommiters(options, callback), which accepts options such as cwd (the current working directory) and revisionRange (a revision pointer such as HEAD). The library neither sanitizes user input nor uses a secure process execution API that separates commands from their arguments, so uncontrolled user input is concatenated into the executed command. This issue has been patched in version 0.1.2.
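The weakness class described above, shown beside a hardened form. This is an added example, not code from git-commiters or its patch: the `git shortlog` invocation, the function names and the allow-list regex are assumptions made for illustration.

```javascript
const { execFile } = require("node:child_process");

// Pattern the advisory describes (hypothetical reconstruction, never executed
// here): an option value is concatenated into one string that a shell parses.
function buildShellCommand({ revisionRange = "HEAD" } = {}) {
  return "git shortlog -s -n -e " + revisionRange;
}

// Conservative allow-list for a revision or range: HEAD, HEAD~3, v1.0..main.
// Assumption: callers do not need exotic ref syntax such as @{upstream}.
// The first character must be alphanumeric, so a value can never be read as
// a git option (leading "-").
const SAFE_REVISION = /^[A-Za-z0-9][A-Za-z0-9._\/~^-]*$/;

function buildGitArgs({ revisionRange = "HEAD" } = {}) {
  if (typeof revisionRange !== "string" || !SAFE_REVISION.test(revisionRange)) {
    throw new TypeError("revisionRange is not a plain git revision");
  }
  // Each element reaches git as exactly one argv entry; no shell is involved.
  return ["shortlog", "-s", "-n", "-e", revisionRange];
}

function committerStats(options = {}, callback) {
  let args;
  try {
    args = buildGitArgs(options);
  } catch (err) {
    return process.nextTick(callback, err);
  }
  // cwd is an execFile option, never spliced into a command string.
  execFile("git", args, { cwd: options.cwd, shell: false }, (err, stdout) => {
    if (err) return callback(err);
    const rows = stdout.split("\n").filter(Boolean).map((line) => {
      const [count, ...who] = line.trim().split(/\s+/);
      return { commits: Number(count), committer: who.join(" ") };
    });
    callback(null, rows);
  });
}

// Constructed input containing a shell metacharacter.
const hostile = { revisionRange: "HEAD; echo injected" };
console.log(buildShellCommand(hostile)); // a shell would parse two commands
```

With the argument-array form, the same input is rejected by `buildGitArgs` before any process is started, and a value that passes the check is delivered to git as a single argument.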
History

Thu, 16 Oct 2025 16:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Riceball; Riceball git-commiters |
| CPEs | | `cpe:2.3:a:riceball:git-commiters:*:*:*:*:*:node.js:*:*` |
| Vendors & Products | | Riceball; Riceball git-commiters |
| Metrics | | cvssV3_1: `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` |


Thu, 25 Sep 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Thu, 25 Sep 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | (the description given at the top of this page) |
| Title | | `git-commiters` Command Injection vulnerability |
| Weaknesses | | CWE-77; CWE-78 |
| References | | |
| Metrics | | cvssV4_0: `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}` |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-25T14:43:16.185Z

Reserved: 2025-09-22T14:34:03.471Z

Link: CVE-2025-59831

Vulnrichment

Updated: 2025-09-25T14:42:14.985Z

NVD

Status: Analyzed

Published: 2025-09-25T14:15:46.147

Modified: 2025-10-16T15:45:42.370

Link: CVE-2025-59831

Redhat

No data.