EPSS: 0.014 (Low), percentile 86.3%
dependabot-common is vulnerable to remote code execution. An attacker can inject arbitrary shell commands via a branch name URL while the source repository is being cloned.
github.com/dependabot/dependabot-core/commit/e089116abbe284425b976f7920e502b8e83a61b5
github.com/dependabot/dependabot-core/pull/2727
github.com/dependabot/dependabot-core/security/advisories/GHSA-23f7-99jx-m54r
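The class of bug described above, shown as an added Ruby example that is not dependabot's code or its fix: a branch name interpolated into a shell string is parsed by the shell, while the same value passed as a separate argv element is not. The helper names, the allow-list pattern, the sample branch name and the `echo` stand-in for `git clone` are all assumptions made for illustration.

```ruby
require "open3"

class UnsafeBranchName < StandardError; end

# Conservative allow-list, stricter than git's own ref-name rules (assumption).
# Requiring an alphanumeric first character also rejects names starting with "-".
SAFE_BRANCH = %r{\A[A-Za-z0-9][A-Za-z0-9._/-]*\z}

def validate_branch!(branch)
  ok = branch.is_a?(String) && branch.match?(SAFE_BRANCH) &&
       !branch.include?("..") && !branch.end_with?("/", ".", ".lock")
  raise UnsafeBranchName, "rejected branch name: #{branch.inspect}" unless ok
  branch
end

# Hardened form: an argv array, so no shell ever parses the branch name.
# "--" ends option parsing before the URL and destination.
def clone_argv(url, branch, dest)
  ["git", "clone", "--depth", "1", "--branch", validate_branch!(branch), "--", url, dest]
end

# Vulnerable pattern: one interpolated string is handed to /bin/sh.
# `echo` stands in for `git clone` so the demo runs offline.
def run_via_shell(branch)
  out, _status = Open3.capture2("echo --branch #{branch}")
  out
end

# Same stand-in with separate arguments: Ruby execs the program directly.
def run_via_argv(branch)
  out, _status = Open3.capture2("echo", "--branch", branch)
  out
end

CONSTRUCTED_BRANCH = "main; echo INJECTED" # constructed sample input

if __FILE__ == $PROGRAM_NAME
  puts run_via_shell(CONSTRUCTED_BRANCH) # shell splits at ";" and runs both parts
  puts run_via_argv(CONSTRUCTED_BRANCH)  # whole string stays one argument
  p clone_argv("https://example.com/org/repo.git", "release/1.2", "/tmp/repo")
end
```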