cocoapods-downloader 1.6.0

1 security vulnerability found in version 1.6.0

Command injection in cocoapods-downloader

high severity CVE-2022-21223
high severity CVE-2022-21223
Patched versions: >= 1.6.2

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.