Lucene search
PRIOn knowledge basePRION:CVE-2022-24433HistoryMar 11, 2022 - 5:16 p.m.
Command injection
2022-03-1117:16:00
PRIOn knowledge base
www.prio-n.com
5
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-git | lt | 3.3.0 |
Related
osv
osv
Command injection in simple-git
2022-03-12 00:00:33
CVE-2022-24433
2022-03-11 17:16:06
CVE-2022-24066
2022-04-01 20:15:08
cvelist
cvelist
CVE-2022-24433 Command Injection
2022-03-11 00:00:00
CVE-2022-24066 Command Injection
2022-04-01 00:00:00
nvd
nvd
CVE-2022-24433
2022-03-11 17:16:06
CVE-2022-24066
2022-04-01 20:15:08
veracode
veracode
Command Injection
2022-03-14 14:21:51
Command Injection
2022-04-04 07:25:24
github
github
Command injection in simple-git
2022-03-12 00:00:33
Command injection in simple-git
2022-04-02 00:00:13
cve
cve
CVE-2022-24433
2022-03-11 17:16:06
CVE-2022-24066
2022-04-01 20:15:08
prion
prion
Command injection
2022-04-01 20:15:00
