{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T17:22:08.499","vulnerabilities":[{"cve":{"id":"CVE-2020-4059","sourceIdentifier":"security-advisories@github.com","published":"2020-06-18T20:15:10.760","lastModified":"2024-11-21T05:32:14.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function."},{"lang":"es","value":"En mversion versiones anteriores a 2.0.0, presenta una vulnerabilidad de inyección de comandos. Este problema puede conllevar a una ejecución de código remota si un cliente de la biblioteca llama al método vulnerable con una entrada no confiable. Esta vulnerabilidad está parcheada mediante la versión 2.0.0. Las versiones anteriores están en desuso en npm. Como corrección alternativa, asegúrese de escapar de los mensajes de confirmación de git cuando se usa la opción commitMessage para la función update"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mversion_project:mversion:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0","matchCriteriaId":"B40EDF9B-C9BD-4CD9-83BA-CD70878CA5F8"}]}]}],"references":[{"url":"https://github.com/mikaelbr/mversion/commit/6c76c9efd27c7ff5a5c6f187e8b7a435c4722338","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mikaelbr/mversion/security/advisories/GHSA-qjg4-w4c6-f6c6","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mikaelbr/mversion/commit/6c76c9efd27c7ff5a5c6f187e8b7a435c4722338","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mikaelbr/mversion/security/advisories/GHSA-qjg4-w4c6-f6c6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}