Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mversion
(Mversion_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-18 | CVE-2020-4059 | In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function. | Mversion | 7.3 | ||
| 2020-07-01 | CVE-2020-7688 | The issue occurs because tagName user input is formatted inside the exec function is executed without any checks. | Mversion | 7.8 |