Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Moar fixes #105

Merged
merged 2 commits into from
Mar 30, 2022
Merged

Moar fixes #105

merged 2 commits into from
Mar 30, 2022

Conversation

mattfarina
Copy link
Member

No description provided.

Signed-off-by: Matt Farina <matt@mattfarina.com>
Signed-off-by: Matt Farina <matt@mattfarina.com>
@mattfarina mattfarina merged commit 6a6170d into master Mar 30, 2022
@mattfarina mattfarina deleted the moar-fixes branch March 30, 2022 20:13
rwsu added a commit to rwsu/assisted-installer that referenced this pull request Jun 30, 2023
The package github.com/masterminds/vcs before 1.13.3 are vulnerable
to Command Injection via argument injection. When hg is executed,
argument strings are passed to hg in a way that additional flags
can be set. The additional flags can be used to perform a command
injection.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2215317
Additional References:
* Masterminds/vcs#105
* https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
rwsu added a commit to rwsu/assisted-installer that referenced this pull request Jun 30, 2023
The package github.com/masterminds/vcs before 1.13.3 are vulnerable
to Command Injection via argument injection. When hg is executed,
argument strings are passed to hg in a way that additional flags
can be set. The additional flags can be used to perform a command
injection.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2215317
Additional References:
* Masterminds/vcs#105
* https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
openshift-merge-robot pushed a commit to openshift/assisted-installer that referenced this pull request Jul 6, 2023
…681)

The package github.com/masterminds/vcs before 1.13.3 are vulnerable
to Command Injection via argument injection. When hg is executed,
argument strings are passed to hg in a way that additional flags
can be set. The additional flags can be used to perform a command
injection.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2215317
Additional References:
* Masterminds/vcs#105
* https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant