CVE-2019-10776: OS command injection in git-diff-apply

Severity: Critical

CVSS Score: 9.8

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.