Skip to content

Command Injection in ungit

critical severity Published Aug 31, 2020 • Updated Sep 23, 2021

Package

npm ungit (npm)

Affected versions

<= 0.8.4

Patched versions

0.9.0

Description

Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter.

Recommendation

Update version 0.9.0 or later.

References

CVE ID

CVE-2015-4130