Mikael Brevik

1 exploit Active since Jun 2020
CVE-2020-4059 WRITEUP HIGH WRITEUP
mversion < 2.0.0 - Remote Code Execution via Git Commit Message Injection
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.
CVSS 7.3