CVE-2022-21187

Posted on 2022년 3월 15일2022년 3월 15일 by admin

CVE-2022-21187

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.

Source: CVE-2022-21187

답글 남기기 응답 취소