PT-2020-17855 · Mversion · Mversion

Mikaelbr · Published 2020-06-18 · Updated 2020-06-29 · CVE-2020-4059

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

mversion versions prior to 2.0.0

Description

This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. The vulnerability is a command injection issue. To mitigate it, escape git commit messages when using the commitMessage option for the update function.

Recommendations

For versions prior to 2.0.0, update to version 2.0.0 to resolve the issue. As a temporary workaround, make sure to escape git commit messages when using the commitMessage option for the update function.
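
The workaround above, sketched as a caller-side check (an added example, not code from mversion or from this advisory). Because the advisory does not say how the message is quoted on the command line, the sketch refuses anything outside a conservative allow-list instead of escaping. The function names, the allow-list and the length limit are assumptions.

```javascript
// Added example; names, allow-list and limit are assumptions, not mversion API.

// Letters, digits, space and punctuation that cannot close a quote,
// chain a command or start a substitution in a shell.
const ALLOWED_CHAR = /^[A-Za-z0-9 .,:_\/-]$/;
const MAX_LENGTH = 200; // assumed upper bound for a commit subject

// Returns { ok, reason } so callers can log why a message was refused.
function checkCommitMessage(message) {
  if (typeof message !== 'string') return { ok: false, reason: 'not a string' };
  if (message.length === 0 || message.length > MAX_LENGTH) {
    return { ok: false, reason: 'bad length' };
  }
  // A leading dash could be read as a git option in some invocations.
  if (message.startsWith('-')) return { ok: false, reason: 'leading dash' };
  for (const ch of message) {
    if (!ALLOWED_CHAR.test(ch)) {
      const cp = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
      return { ok: false, reason: `disallowed character U+${cp}` };
    }
  }
  return { ok: true, reason: null };
}

// Throws instead of returning, for use right before the value is handed
// to the library as the commitMessage option.
function requireSafeCommitMessage(message) {
  const result = checkCommitMessage(message);
  if (!result.ok) throw new Error(`commit message rejected: ${result.reason}`);
  return message;
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = ['Release v1.2.3', 'bump"; echo injected; "', '$(date)', '--amend', 'ok\n'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(checkCommitMessage(s)));
}
```

A rejected message should be replaced with a fixed string or the operation aborted; the check does not replace the update to 2.0.0.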

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-4059
GHSA-QJG4-W4C6-F6C6

Affected Products

Mversion