← Back

Mversion

mversion

Vendor: Mversion Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-7688
1Mversion Project
1Mversion
Nov 21, 2024
Jul 1, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
CVE-2020-4059
1Mversion Project
1Mversion
Nov 21, 2024
Jun 18, 2020
N/A· v4
7.3 HIGH· v3
7.5 HIGH· v2
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patche...Show more
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.Show less