3 matches found
CVE-2022-21187
The CVE-2022-21187 issue affects the libvcs package prior to version 0.11.1. The vulnerability arises in the update_repo path (when using Mercurial via hg), where the url parameter is passed to the hg clone command, enabling command injection and potential arbitrary command execution. Available c...
CVE-2022-21187
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
vcspull (>=1.8.0 <=1.8.1) potentially affected by CVE-2022-21187 via libvcs (=0.10.1)
libvcs PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on libvcs and may be impacted: - vcspull =1.8.0, =1.8.1 Source cves: CVE-2022-21187 Source advisory: SNYK:PYTHON-LIBVCS-2421204...