VYPR

Go modules package

github.com/masterminds/vcs

pkg:golang/github.com/masterminds/vcs

Vulnerabilities (1)

  • CVE-2022-21235Apr 1, 2022
    affected < 1.13.2fixed 1.13.2

    The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.