Lucene search
GoogleOSV:GHSA-3F95-R44V-8MRGHistoryMar 12, 2022 - 12:00 a.m.
Command injection in simple-git
2022-03-1200:00:33
Google
osv.dev
13
0.006 Low
EPSS
Percentile
77.8%
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary command execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-git | lt | 3.3.0 |
Related
veracode
veracode
Command Injection
2022-03-14 14:21:51
Command Injection
2022-04-04 07:25:24
github
github
Command injection in simple-git
2022-03-12 00:00:33
Command injection in simple-git
2022-04-02 00:00:13
cve
cve
CVE-2022-24433
2022-03-11 17:16:06
CVE-2022-24066
2022-04-01 20:15:08
cvelist
cvelist
CVE-2022-24433 Command Injection
2022-03-11 00:00:00
CVE-2022-24066 Command Injection
2022-04-01 00:00:00
nvd
nvd
CVE-2022-24433
2022-03-11 17:16:06
CVE-2022-24066
2022-04-01 20:15:08
prion
prion
Command injection
2022-03-11 17:16:00
Command injection
2022-04-01 20:15:00
osv
osv
CVE-2022-24433
2022-03-11 17:16:06
CVE-2022-24066
2022-04-01 20:15:08
Command injection in simple-git
2022-04-02 00:00:13
