Critical severityNVD Advisory· Published Aug 31, 2020· Updated Sep 23, 2021
Command Injection in ungit
CVE-2015-4130
Description
Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter.
Recommendation
Update version 0.9.0 or later.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ungitnpm | < 0.9.0 | 0.9.0 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-vjfr-p6hp-jqqwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-4130ghsaADVISORY
- github.com/FredrikNoren/ungit/issues/486ghsaWEB
- www.npmjs.com/advisories/40ghsaWEB
News mentions
0No linked articles in our index yet.