Security Advisory

CVE-2022-21235

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-01 15:55:10

Last updated 2024-09-17 00:20:56

Assigner snyk

State PUBLISHED

Description

The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

← Browse all CVEs View on cve.org ↗