High
Node.js workspace-tools module could allow a remote attacker to execute arbitrary commands on the system, caused by a git argument injection flaw in the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function. By sending a specially-crafted request using the remote and remoteBranch parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Node.js workspace-tools 0.18.3
Upgrade to the latest version of workspace tools, available from the workspace-tools GIT Repository.