3 matches found
CVE-2020-4059
CVE-2020-4059 affects the mversion library (pre-2.0.0). The vulnerability is a command injection in the library’s internal workflow, which could lead to remote code execution when a client calls the vulnerable method with untrusted input. The issue is fixed in version 2.0.0; older releases are de...
CVE-2020-4059 Command Injection in mversion
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
action-tracker (>=0.1.1 <=1.2.1), aye-spy (>=1.2.0 <=2.2.3) +12 more potentially affected by CVE-2020-4059 via mversion (>=1.12.0 <=1.13.0)
mversion NPM version =1.12.0, =0.1.1, =1.2.0, =1.0.0, =1.0.0, =0.0.0, =0.1.7, =2.4.18, =1.0.0, =1.1.1, =0.0.0, =0.1.0, =1.0.0 Source cves: CVE-2020-4059 Source advisory: OSV:GHSA-QJG4-W4C6-F6C6...