CVE-2022-25860

🗓️ 26 Jan 2023 21:31:15Reported by [email protected]Type

Versions of simple-git <3.16.0 allow remote code execution via clone(), pull() and push() due to incomplete fix of CVE-2022-2591

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 21
Cvelist	CVE-2022-25860	24 Jan 202305:00	–	cvelist
Cvelist	CVE-2022-25912 Remote Code Execution (RCE)	12 Dec 202201:49	–	cvelist
RedhatCVE	CVE-2022-25860	6 Feb 202502:10	–	redhatcve
Github Security Blog	Remote code execution in simple-git	26 Jan 202321:30	–	github
Github Security Blog	simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol	6 Dec 202206:30	–	github
Vulnrichment	CVE-2022-25860	24 Jan 202305:00	–	vulnrichment
Vulnrichment	CVE-2022-25912 Remote Code Execution (RCE)	12 Dec 202201:49	–	vulnrichment
OSV	GHSA-9W5J-4MWV-2WJ8 Remote code execution in simple-git	26 Jan 202321:30	–	osv
OSV	CVE-2022-25860	26 Jan 202321:15	–	osv
OSV	GHSA-9P95-FXVG-QGQ2 simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol	6 Dec 202206:30	–	osv

Nvd

Node

simple-git_project simple-gitRange<3.16.0node.js

Source	Link
github	www.github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951
github	www.github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13
security	www.security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jan 2023 21:15Current

9.3High risk

Vulners AI Score9.3

CVSS39.8

EPSS0.38025