CVE-2020-4059 - Unspecified vulnerability in Mversion Project Mversion
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: LOW
Summary
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.
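The workaround in the summary, as an added example that is not mversion's code or part of the advisory: a commit message pasted into a shell string, the same message escaped, and a shell-free argv form. All function names and the sample message are hypothetical or constructed, and the quoting check is a simplified model of POSIX sh, not a full parser.

```javascript
// Added example with hypothetical names; this is not mversion's source.

// Vulnerable pattern: the message is pasted into a string that a shell parses.
function unsafeCommitCommand(message) {
  return 'git commit -m "' + message + '"';
}

function assertMessage(message) {
  if (typeof message !== 'string' || message.includes('\0')) {
    throw new TypeError('commit message must be a string without NUL bytes');
  }
  return message;
}

// Workaround from the summary: escape before the shell sees it. POSIX single
// quotes disable all expansion; a literal ' is written as '\''.
function escapedCommitCommand(message) {
  return "git commit -m '" + assertMessage(message).replace(/'/g, "'\\''") + "'";
}

// Sturdier: no shell. Pass to child_process.execFile('git', argv) so the
// message is exactly one argv element and is never parsed as shell syntax.
function commitArgv(message) {
  return ['commit', '--message=' + assertMessage(message)];
}

// Simplified model of POSIX sh quoting (an assumption, not a full parser):
// true if the command contains shell syntax that is still active.
function hasActiveShellSyntax(command) {
  let quote = null;
  for (let i = 0; i < command.length; i++) {
    const c = command[i];
    if (quote === "'") { if (c === "'") quote = null; continue; }
    if (c === '\\') { i++; continue; }
    if (quote === '"') {
      if (c === '"') quote = null;
      else if (c === '$' || c === '`') return true;
      continue;
    }
    if (c === "'" || c === '"') quote = c;
    else if (';|&$`<>()\n'.includes(c)) return true;
  }
  return quote !== null; // an unterminated quote also changes parsing
}

// Constructed sample input: closes the double quote and appends a command.
const SAMPLE = 'fix"; echo INJECTED; "';
```

Escaping only helps while every call site remembers to do it; the argv form removes the shell from the path entirely.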
Vulnerable Configurations
References
- https://github.com/mikaelbr/mversion/commit/6c76c9efd27c7ff5a5c6f187e8b7a435c4722338
- https://github.com/mikaelbr/mversion/security/advisories/GHSA-qjg4-w4c6-f6c6