3098 matches found
@gotoeasy/count-line-cli (>=1.0.7 <=1.1.5), @pingy/cli (>=0.10.0 <=0.11.2) +5 more potentially affected by CVE-2022-24437 via git-pull-or-clone (>=1.1.0 <=1.3.0)
git-pull-or-clone NPM version =1.1.0, =1.0.7, =0.10.0, =8.0.0, =0.7.8, =0.5.0, =0.1.0, =1.0.1, =1.0.11 Source cves: CVE-2022-24437 Source advisory: OSV:GHSA-3X62-X456-Q2VM...
OS Command Injection in git-pull-or-clone
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
CVE-2022-24437
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
Command injection
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
CVE-2022-24437 Command Injection
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
CVE-2022-24437
The CVE-2022-24437 entry affects git-pull-or-clone prior to 2.0.2. The vulnerability arises from using the --upload-pack feature (also used by git clone) where the outpath argument passed to the secure spawn() call can be manipulated as a command-line argument, enabling arbitrary command injectio...
PT-2022-16696 · Git +1
Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2. Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...
git-pull-or-clone parameter injection vulnerability
git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...
CVE-2022-0541
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flocustomtableprefix cookie to an arbitrary value...
OS Command Injection
git-interface is vulnerable to OS command injection. When a user uses the git clone feature, the use of the command-line argument --upload-pack with a valid directory on disk allows the destination directory to clone a repository too...
WordPress and WordPress plugin security vulnerability
WordPress is a blogging platform developed using the PHP language. The WordPress plugin flo-launch version 2.4.1 or earlier is vulnerable to an access control error that originates when the plugin injects code into wp-config.php when creating a clone site. prefix cookie to an arbitrary value to...
GHSA-QFFW-8WG7-H665 Command injection in git-interface
A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an --upload-pack command-line argument feature of git is also supported for git...
CVE-2022-1440
Command Injection vulnerability in git-interface in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview: git-interface is an interface to work with a git repository in node.js. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'). The API may be abused if user input is able to provide a valid directory on disk an...
git-interface operating system command injection vulnerability
git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...
Slackware: Security Advisory (SSA:2021-070-01)
The remote host is missing an update for the...
GHSA-28XR-MWXG-3QC8 Command injection in simple-git
simple-git, maintained as the git-js repository on GitHub, is a lightweight interface for running git commands in any node.js application. The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...