{"id":"PYSEC-2021-15","details":"git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.","aliases":["CVE-2021-3028","GHSA-x38j-4rr5-hqrj"],"modified":"2024-04-22T23:26:29.836464Z","published":"2021-01-13T17:15:00Z","references":[{"type":"WEB","url":"https://github.com/git-big-picture/git-big-picture/pull/62"},{"type":"WEB","url":"https://github.com/git-big-picture/git-big-picture/pull/27"},{"type":"WEB","url":"https://github.com/git-big-picture/git-big-picture/releases/tag/v1.0.0"}],"affected":[{"package":{"name":"git-big-picture","ecosystem":"PyPI","purl":"pkg:pypi/git-big-picture"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0"}]}],"versions":["0.10.0","0.10.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/git-big-picture/PYSEC-2021-15.yaml"}}],"schema_version":"1.7.3"}