Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection
Vulnerability Description
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Masterminds VCS 参数注入漏洞
Vulnerability Description
VCS是用于通过 Go 中的通用接口管理 VCS Repo。 Masterminds VCS 存在安全漏洞,该漏洞源于软件中存在参数注入。攻击者执行 hg 时,参数字符串以可以设置附加标志的方式传递给 hg利用该漏洞,其中附加标志可用于执行命令注入。
CVSS Information
N/A
Vulnerability Type
N/A