All versions of package git-archive are vulnerable to Command Injection via the exports function.

Read More