Description
The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
Remediation
References
https://github.com/418sec/huntr/pull/102
https://github.com/mikaelbr/mversion/commit/b7a8b32600e60759a7ad3921ec4a2750bf173482
https://snyk.io/vuln/SNYK-JS-MVERSION-573174
Related Vulnerabilities
CVE-2020-10687 Vulnerability in maven package io.undertow:undertow-core
CVE-2023-3163 Vulnerability in maven package com.ruoyi:ruoyi-common
CVE-2023-45303 Vulnerability in maven package org.thingsboard:thingsboard
CVE-2022-25927 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js
CVE-2023-37953 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration