HIGH
Rich-Harris
CVE published 2026-06-09
CVE-2026-11572
CVE-2026-11572 is a high-severity command injection vulnerability in the degit package. Versions before 2.8.6, and versions from 3.0.0 up to but not including 3.3.1, are affected because user input is not properly sanitized before it is used in git shell commands. An attacker who supplies a specially crafted git repository name can execute arbitrary operating system commands as the process user.
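An added example, not degit's code and not taken from the advisory: one way to keep a user-supplied repository name out of a shell in Node.js, by validating it against an allowlist and passing it to git as a separate argument. The helper names, the allowlist patterns, the `owner/name#ref` input form and the github.com URL are assumptions made for illustration.

```javascript
// Added example with hypothetical helper names; not degit's source.
// Allowlist for owner and name: must start with an alphanumeric, so a value
// can never begin with "-" and be read by git as an option.
const SEGMENT = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;
const REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,199}$/;

// Constructed sample inputs (not from the advisory).
const SAMPLES = ['user/repo', 'user/repo#v1.0.0', 'user/repo;echo injected'];

// Parse "owner/name" or "owner/name#ref"; throw on anything else.
function parseRepoSpec(input) {
  if (typeof input !== 'string') throw new TypeError('repo must be a string');
  const [path, ref = 'HEAD', ...extra] = input.split('#');
  if (extra.length) throw new Error('invalid repo spec: more than one "#"');
  const parts = path.split('/');
  if (parts.length !== 2 || !parts.every((p) => SEGMENT.test(p))) {
    throw new Error('invalid repo spec: expected owner/name');
  }
  if (!REF.test(ref) || ref.includes('..')) throw new Error('invalid ref');
  return { owner: parts[0], name: parts[1], ref };
}

// Build an argv array. Each element reaches git as one argument, so no shell
// ever interprets the repository name; "--" ends option parsing.
function buildLsRemoteArgs(spec) {
  const url = `https://github.com/${spec.owner}/${spec.name}.git`;
  return ['ls-remote', '--', url, spec.ref];
}

// Run git without a shell: execFile with an argument array, rather than
// exec with a command string built by concatenation.
function lsRemote(input, callback) {
  const { execFile } = require('node:child_process'); // loaded only when called
  const args = buildLsRemoteArgs(parseRepoSpec(input));
  execFile('git', args, { timeout: 30000 }, callback);
}

// True when the spec passes validation, false when it is rejected.
function isAcceptedSpec(input) {
  try { parseRepoSpec(input); return true; } catch { return false; }
}
```

Validation and the argument array are independent controls: even if the allowlist were loosened, `execFile` would still hand the name to git as a single argument instead of shell text.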