Command Injection
Overview mversion is a cross packaging manager module version handler/bumper. Affected versions of this package are vulnerable to Command Injection. The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. PoC: var mversion =...