The package github.com/masterminds/vcs prior to 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vcs project vcs |