Critical severityGHSA Advisory· Published Aug 31, 2020· Updated Sep 23, 2021
Command Injection in ungit
CVE-2015-4130
Description
Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter.
Recommendation
Update version 0.9.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ungitnpm | < 0.9.0 | 0.9.0 |
Affected products
2- Range: <= 0.8.4
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-vjfr-p6hp-jqqwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-4130ghsaADVISORY
- github.com/FredrikNoren/ungit/issues/486ghsaWEB
- www.npmjs.com/advisories/40ghsaWEB
News mentions
0No linked articles in our index yet.