admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-18 20:01:31 +00:00
parent 90f4bdc70a
commit ae4c7ac411
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/4xxx/CVE-2020-4059.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input.\n\nThis vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm.\n\nAs a workaround, make sure to escape git commit messages when using the commitMessage option for the update function."
"value": "In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function."
}
]
},