4 matches found
CVE-2025-59433
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...
CVE-2025-59433
The CVE-2025-59433 vulnerability affects the @conventional-changelog/git-client library prior to v2.0.0. Affected API: getTags() does not sanitize or validate user-supplied parameters, allowing crafted arguments to be passed to the underlying git log command (e.g., --output=), which can enable ar...
PT-2025-39067
Name of the Vulnerable Software and Affected Versions Conventional Changelog versions prior to 2.0.0 Description The @conventional-changelog/git-client library, versions prior to 2.0.0, contains a flaw in the getTags API that allows for argument injection into the git log command. This occurs...