Описание
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.13 (исключая)
cpe:2.3:a:vcs_project:vcs:*:*:*:*:*:go:*:*
EPSS
Процентиль: 61%
0.00412
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-88
Связанные уязвимости
CVSS3: 9.8
redhat
почти 3 года назад
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVSS3: 9.8
github
почти 4 года назад
Command Injection Vulnerability with Mercurial in VCS
EPSS
Процентиль: 61%
0.00412
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-88