0.004 Low
EPSS
Percentile
72.7%
mversion is vulnerable to OS Command Injection. The vulnerability exists as the value of tagName in lib/git.js is passed to cp.exec() without validation or sanitization, allowing an attacker to inject and execute arbitrary code.
tagName
lib/git.js
cp.exec()
github.com/418sec/huntr/pull/102
github.com/mikaelbr/mversion/commit/b7a8b32600e60759a7ad3921ec4a2750bf173482
github.com/mikaelbr/mversion/pull/57