mversion

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting mversionpage 1 of 1

CVE-2020-4059HIGHCVSS 7.3EG 7.3✓ Fixed in 2.0.0
2020-06-18
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0.…
CVE-2020-7688HIGHCVSS 8.4EG 8.4✓ Fixed in 2.0.1
2020-07-01
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.

Check whether mversion is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mversion CVEs against the assets you own.

Start Free Scan →