CVE-2022-21235
CVE-2022-21235 affects the Go package github.com/masterminds/vcs pre-1.13.3. The vulnerability arises from passing untrusted argument strings to the underlying Mercurial call (hg), which can be interpreted as additional flags and enable command injection. Impact is remote command execution on aff...