15 matches found
CVE-2025-66219
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219
CVE-2025-66219 affects the willitmerge CLI, specifically versions 0.2.1 and earlier. The root cause is the use of an insecure child-process execution API (exec) that concatenates user-provided input (from command-line flags or repository-controlled data) into shell commands, enabling command inje...
EUVD-2025-199887
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
willitmerge 命令注入漏洞
willitmerge is a command line tool by the individual developer Kyle Robinson Young. A command injection vulnerability exists in willitmerge version 0.2.1 and earlier, which stems from improper use of the Unsafe Sub-Process Execution API and can lead to command injection...
PT-2025-48356
Name of the Vulnerable Software and Affected Versions willitmerge versions 0.2.1 and prior Description willitmerge is a command line tool used to check if pull requests are mergeable. A command injection issue exists because the software uses an insecure child process execution API exec and...
grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)
willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: OSV:GHSA-J9WJ-M24M-7JJ6...
Arbitrary Command Injection
Overview willitmerge is an A command line tool to check if pull requests are mergeable. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the use of insecure child process execution API exec. An attacker can execute arbitrary system commands by supplying craft...
grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)
willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: SNYK:JS-WILLITMERGE-14135971...
EUVD-2025-199766
willitmerge has a Command Injection vulnerability...
GHSA-J9WJ-M24M-7JJ6 willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...
willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...