← Back to CVE List
CVE-2022-21235
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt