CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.

Source: CVE-2017-1000451