13 matches found
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
OS Command Injection in mversion
The issue occurs because tagName user input is formatted inside the exec function and executed without any checks...
GHSA-6M8P-4FXJ-PGC2 OS Command Injection in mversion
The issue occurs because tagName user input is formatted inside the exec function and executed without any checks...
OS Command Injection
mversion is vulnerable to OS Command Injection. The vulnerability exists as the value of tagName in lib/git.js is passed to cp.exec without validation or sanitization, allowing an attacker to inject and execute arbitrary code...
Command Injection
Overview: mversion is a cross packaging manager module version handler/bumper. Affected versions of this package are vulnerable to Command Injection. The issue occurs because tagName user input is formatted inside the exec function and executed without any checks. PoC: var mversion =...
OS Command Injection
mversion is vulnerable to OS Command Injection. The vulnerability exists because the values in the functions isRepositoryClean and commit that lead to cp.exec are not sanitized...
mversion command injection vulnerability
mversion is an application packaging processor from Mikael Brevik Software Developers in Norway. A command injection vulnerability exists in versions prior to mversion 2.0.0. A remote attacker could exploit the vulnerability to execute code...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
CVE-2020-4059
CVE-2020-4059 affects the mversion library (pre-2.0.0). The vulnerability is a command injection in the library’s internal workflow, which could lead to remote code execution when a client calls the vulnerable method with untrusted input. The issue is fixed in version 2.0.0; older releases are de...
CVE-2020-4059 Command Injection in mversion
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
GHSA-QJG4-W4C6-F6C6 Command injection in mversion
Impact: This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Patches: Patched by version 2.0.0. Previous releases are deprecated in npm. Workarounds: Make sure to escape git commit messages when using the commitMessage option for t...
action-tracker (>=0.1.1 <=1.2.1), aye-spy (>=1.2.0 <=2.2.3) +12 more potentially affected by CVE-2020-4059 via mversion (>=1.12.0 <=1.13.0)
mversion NPM version =1.12.0, =0.1.1, =1.2.0, =1.0.0, =1.0.0, =0.0.0, =0.1.7, =2.4.18, =1.0.0, =1.1.1, =0.0.0, =0.1.0, =1.0.0 Source cves: CVE-2020-4059 Source advisory: OSV:GHSA-QJG4-W4C6-F6C6...