From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Name: Argument Injection vulnerability in ggit@2.4.12 - Description: ggit describes itself as a local promise-returning wrapper for git commands. 2. Resources: - Project GitHub source code: https://github.com/bahmutov/ggit - Project npm package: https://www.npmjs.com/package/ggit 3. Background and Exploitation: - Background: ggit's API allows specifying a remote URL to clone a repository to disk. - Exploitation: - ggit does not validate or sanitize user input or the given URL scheme. - ggit incorrectly passes command-line flags to git, using double-dash POSIX strings ( ) to signal the end of options. - This allows attackers to exploit the vulnerability in ggit to execute arbitrary commands. 4. Exploitation Steps: 1. Install ggit@2.4.12 or an earlier version. 2. Use the following PoC: 3. Observe the newly created file on disk at the path . 5. Author: - Liran Tal This information provides a detailed description of the Argument Injection vulnerability in ggit@2.4.12, including the exploitation method and steps.