CVE-2025-66219 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmer…
Medium CVSS: 6.9

CVE-2025-66219

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execution API (exec) to which it concatenates user input, whether provided to the command-line flag, or is in user control in the target repository. At time of publication, no known fix is public.
Vendor
Dontkry
Product
Willitmerge
CWE
CWE-77
Yayın Tarihi
2025-11-29 02:15:52
Güncelleme
2025-12-19 15:52:58
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-77 Willitmerge MEDIUM Dontkry 2025

Referanslar

https://github.com/shama/willitmerge/blob/2fe91d05191fb05ac6da685828d109a3a5885028/lib/willitmerge.js#L189-L197 https://github.com/shama/willitmerge/security/advisories/GHSA-j9wj-m24m-7jj6 https://github.com/shama/willitmerge/security/advisories/GHSA-j9wj-m24m-7jj6