Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Moar fixes #105

Merged
merged 2 commits into from
Mar 30, 2022
Merged

Moar fixes #105

merged 2 commits into from
Mar 30, 2022

Conversation

mattfarina
Copy link
Member

No description provided.

@mattfarina
Some fixes
1ee9020 
Signed-off-by: Matt Farina <matt@mattfarina.com>
@mattfarina
Updating changelog
2e485aa 
Signed-off-by: Matt Farina <matt@mattfarina.com>
@mattfarina mattfarina merged commit 6a6170d into master Mar 30, 2022
@mattfarina mattfarina deleted the moar-fixes branch March 30, 2022 20:13
@GoVulnBot GoVulnBot mentioned this pull request Apr 1, 2022
Closed
@jba jba mentioned this pull request Apr 1, 2022
Open
rwsu added a commit to rwsu/assisted-installer that referenced this pull request Jun 30, 2023
@rwsu
OCPBUGS-15068 CVS-2022-21235 github.com/Masterminds/vcs command inj
d32e23f 
The package github.com/masterminds/vcs before 1.13.3 are vulnerable
to Command Injection via argument injection. When hg is executed,
argument strings are passed to hg in a way that additional flags
can be set. The additional flags can be used to perform a command
injection.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2215317
Additional References:
* Masterminds/vcs#105
* https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
@rwsu rwsu mentioned this pull request Jun 30, 2023
Merged
rwsu added a commit to rwsu/assisted-installer that referenced this pull request Jun 30, 2023
@rwsu
OCPBUGS-15068 CVE-2022-21235 github.com/Masterminds/vcs command inj
22d6156 
The package github.com/masterminds/vcs before 1.13.3 are vulnerable
to Command Injection via argument injection. When hg is executed,
argument strings are passed to hg in a way that additional flags
can be set. The additional flags can be used to perform a command
injection.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2215317
Additional References:
* Masterminds/vcs#105
* https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
openshift-merge-robot pushed a commit to openshift/assisted-installer that referenced this pull request Jul 6, 2023
@rwsu
OCPBUGS-15068 CVE-2022-21235 github.com/Masterminds/vcs command inj (#…
14b1b38 
…681)

The package github.com/masterminds/vcs before 1.13.3 are vulnerable
to Command Injection via argument injection. When hg is executed,
argument strings are passed to hg in a way that additional flags
can be set. The additional flags can be used to perform a command
injection.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2215317
Additional References:
* Masterminds/vcs#105
* https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@mattfarina