Mversion Project

mversion_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Mversion

mversion

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7688 1Mversion Project 1Mversion Nov 21, 2024 Jul 1, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
CVE-2020-4059 1Mversion Project 1Mversion Nov 21, 2024 Jun 18, 2020 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patche...Show more In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2020-7688

1Mversion Project

1Mversion

Nov 21, 2024

Jul 1, 2020

N/A· v4

7.8 HIGH· v3

4.6 MEDIUM· v2

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.

CVE-2020-4059

1Mversion Project

1Mversion

Nov 21, 2024

Jun 18, 2020

N/A· v4

7.3 HIGH· v3

7.5 HIGH· v2

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.Show less