24 matches found
EUVD-2021-0777
Malware in sbrugna...
CVE-2021-3190
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...
m2345a-atm (>=1.0.0 <=1.0.1), ndsh (>=1.5.1 <=1.5.5) +1 more potentially affected by CVE-2020-28490 via async-git (=1.13.0)
async-git NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on async-git and may be impacted: - m2345a-atm =1.0.0, =1.5.1, =1.8.1, =1.9.1 Source cves: CVE-2020-28490 Source advisory: OSV:GHSA-6QPR-9MC5-7GCH...
GHSA-6QPR-9MC5-7GCH Command Injection in async-git
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
Command Injection in async-git
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
OS Command Injection
Overview: Affected versions of the async-git package allow OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. Recommendation: Upgrade to version 1.13.2 or later. References: CVE, GitHub Advisory...
CVE-2020-28490
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
CVE-2020-28490
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
Command injection
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
CVE-2020-28490
The CVE-2020-28490 entry concerns the npm package async-git prior to version 1.13.2, which is vulnerable to Command Injection via shell meta-characters (back-ticks). The issue is documented across multiple sources (GHSA, OSV, NVD, CVE listings, and Snyk) with the root cause being unsafe construct...
CVE-2020-28490 Command Injection
The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'...
Omrilotan async-git Parameter Injection Vulnerability
Omrilotan async-git is a JavaScript-based code repository, by the individual developer Omrilotan, that supports interaction with git repositories. A parameter injection vulnerability exists in async-git. The vulnerability originates from allowing shell metacharacters to be injected into git command...
OS Command Injection in async-git
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Ensure to sanitize untrusted us...
m2345a-atm (>=1.0.0 <=1.0.1), ndsh (>=1.5.1 <=1.5.5) +1 more potentially affected by CVE-2021-3190 via async-git (=1.13.0)
async-git NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on async-git and may be impacted: - m2345a-atm =1.0.0, =1.5.1, =1.8.1, =1.9.1 Source cves: CVE-2021-3190 Source advisory: OSV:GHSA-6C3F-P5WP-34MH...
GHSA-6C3F-P5WP-34MH OS Command Injection in async-git
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Ensure to sanitize untrusted us...
CVE-2021-3190
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...
CVE-2021-3190
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...
Command injection
The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...
Command Injection
Overview: async-git is a 👾 Retrieve data from current git repository. Affected versions of this package are vulnerable to Command Injection via shell meta-characters back-ticks. For example: git.reset'atouch HACKEDb'. Remediation: Upgrade async-git to version 1.13.2 or higher. References: GitHub...
m2345a-atm (>=1.0.0 <=1.0.1), ndsh (>=1.5.1 <=1.5.5) +1 more potentially affected by CVE-2020-28490 via async-git (=1.13.0)
async-git NPM version =1.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on async-git and may be impacted: - m2345a-atm =1.0.0, =1.5.1, =1.8.1, =1.9.1 Source cves: CVE-2020-28490 Source advisory: SNYK:JS-ASYNCGIT-1064877...