CVEs (1)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Github Todos Project 1Github Todos Nov 21, 2024 Dec 7, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function. |