Lucene search
PRIOn knowledge basePRION:CVE-2022-25912HistoryDec 06, 2022 - 5:15 a.m.
Design/Logic Flaw
2022-12-0605:15:00
PRIOn knowledge base
www.prio-n.com
7
simple-git
remote code execution
rce
clone() method
ext transport protocol
vulnerability
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of CVE-2022-24066.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-git | lt | 3.15.0 |
References
github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md%23overriding-allowed-protocols
github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504
github.com/steveukx/git-js/releases/tag/simple-git%403.15.0
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221
Related
osv
osv
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
2022-12-06 06:30:17
CVE-2022-25912
2022-12-06 05:15:11
CVE-2022-24066
2022-04-01 20:15:08
cve
cve
nvd
nvd
veracode
veracode
Remote Code Execution (RCE)
2022-12-08 03:15:42
Command Injection
2022-04-04 07:25:24
cvelist
cvelist
CVE-2022-25912 Remote Code Execution (RCE)
2022-12-06 00:00:00
CVE-2022-24066 Command Injection
2022-04-01 00:00:00
CVE-2022-25860
2023-01-24 05:00:02
github
github
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
2022-12-06 06:30:17
Command injection in simple-git
2022-04-02 00:00:13
Remote code execution in simple-git
2023-01-26 21:30:25
cnvd
cnvd
unspecified vulnerability in simple-git-hooks
2022-04-05 00:00:00
prion
prion
Command injection
2022-04-01 20:15:00
Input validation
2023-01-26 21:15:00
