RubyGems - cocoapods-downloader - Versions - 1.6.1 - Mend

cocoapods-downloader 1.6.1

1 security vulnerability found in version 1.6.1

Command injection in cocoapods-downloader

high severity CVE-2022-21223

Patched versions: >= 1.6.2

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

No license issues detected.

This gem version has a license in the gemspec.

This gem version is available.

This gem version has not been yanked and is still available for usage.