In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-06-18T19:25:15
Updated: 2024-08-04T07:52:20.928Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4059
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-18T20:15:10.760
Modified: 2020-06-29T00:50:13.310
Link: CVE-2020-4059
Redhat
No data.