Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection in mversion
Vulnerability Description
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
mversion 命令注入漏洞
Vulnerability Description
mversion是挪威Mikael Brevik软件开发者的一款应用打包处理程序。 mversion 2.0.0之前版本中存在命令注入漏洞。远程攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A