Filtered by vendor Libvcs Project
Subscribe
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21187 | 1 Libvcs Project | 1 Libvcs | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution. | |||||