Description
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-0667 | semver-tags is vulnerable to Command Injection via the getGitTagsRemote function |
Github GHSA |
GHSA-8h3g-hcwp-6hxq | semver-tags is vulnerable to Command Injection via the getGitTagsRemote function |
References
History
Tue, 25 Mar 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2025-03-25T18:10:39.844Z
Reserved: 2022-02-24T11:58:27.011Z
Link: CVE-2022-25853
Updated: 2024-08-03T04:49:43.950Z
Status : Modified
Published: 2023-02-06T05:15:11.857
Modified: 2026-06-17T04:34:23.653
Link: CVE-2022-25853
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- NVD-CWE-Other
EUVD
Github GHSA