CVE-2015-4130 — Command Injection in ungit

Description

Versions of `ungit` prior to 0.9.0 are affected by a command injection vulnerability in the `url` parameter. ## Recommendation Update version 0.9.0 or later.

How to fix CVE-2015-4130

To remediate CVE-2015-4130, upgrade the affected package to a fixed version below.

npm/ungit—upgrade to 0.9.0 or later

Is CVE-2015-4130 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2015-4130.

Affected packages (1)

npm/ungitfrom 0, < 0.9.0

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-4130
PATCHgithub.com/FredrikNoren/ungit
WEBgithub.com/FredrikNoren/ungit/issues/486
WEBwww.npmjs.com/advisories/40