15 matches found
CVE-2025-66219
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
EUVD-2025-199887
willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API exec to which it concatenates user...
CVE-2025-66219
CVE-2025-66219 affects the willitmerge CLI, specifically versions 0.2.1 and earlier. The root cause is the use of an insecure child-process execution API (exec) that concatenates user-provided input (from command-line flags or repository-controlled data) into shell commands, enabling command inje...
PT-2025-48356
Name of the Vulnerable Software and Affected Versions willitmerge versions 0.2.1 and prior Description willitmerge is a command line tool used to check if pull requests are mergeable. A command injection issue exists because the software uses an insecure child process execution API exec and...
willitmerge 命令注入漏洞
willitmerge is a command line tool by the individual developer Kyle Robinson Young. A command injection vulnerability exists in willitmerge version 0.2.1 and earlier, which stems from improper use of the Unsafe Sub-Process Execution API and can lead to command injection...
EUVD-2025-199766
willitmerge has a Command Injection vulnerability...
Arbitrary Command Injection
Overview willitmerge is an A command line tool to check if pull requests are mergeable. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the use of insecure child process execution API exec. An attacker can execute arbitrary system commands by supplying craft...
GHSA-J9WJ-M24M-7JJ6 willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...
grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)
willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: SNYK:JS-WILLITMERGE-14135971...
grunt-willitmerge (>=0.2.0 <=1.0.0) potentially affected by CVE-2025-66219 via willitmerge (=0.1.2)
willitmerge NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on willitmerge and may be impacted: - grunt-willitmerge =0.2.0, =1.0.0 Source cves: CVE-2025-66219 Source advisory: OSV:GHSA-J9WJ-M24M-7JJ6...
willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...