Lucene search

GitHub Advisory DatabaseGHSA-9V73-X562-WV5X

HistoryJun 03, 2022 - 12:00 a.m.

OS Command Injection in gitsome

2022-06-0300:00:58

CWE-78

GitHub Advisory Database

github.com

command injection

gitsome

arbitrary commands

git repository

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.0%

JSON

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.

Affected configurations

Vulners

Node

gitsome_projectgitsomeRange≤0.2.3node.js

VendorProductVersionCPE
gitsome_projectgitsome*cpe:2.3:a:gitsome_project:gitsome:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
gitsome_project	gitsome	*	cpe:2.3:a:gitsome_project:gitsome::::::node.js::*

References

advisory.checkmarx.net/advisory/CX-2021-4780

github.com/advisories/GHSA-9v73-x562-wv5x

nvd.nist.gov/vuln/detail/CVE-2021-34081

www.npmjs.com/package/gitsome

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.0%

JSON

Related for GHSA-9V73-X562-WV5X