Command injection

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

CVE-2022-24066 Command Injection

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

CVE-2022-24066

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

CVE-2022-21223

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

Command injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

cocoapods-downloader 参数注入漏洞

cocoapods-downloader is a small library. It is used to download files from remote controls in folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...

PT-2022-16447 · Unknown · Simple-Git

Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.5.0 Description: The issue arises from an incomplete fix of a previous command injection vulnerability, which only addressed the git fetch attack vector. The --upload-pack feature of git, also supported for git...

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +13402 more potentially affected by CVE-2022-25900 via git-clone (>=0.0.2 <=0.2.0)

git-clone NPM version =0.0.2, =1.0.0, =0.0.1, =1.0.0, =1.0.11 and more Source cves: CVE-2022-25900 Source advisory: SNYK:JS-GITCLONE-2434308...

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview git-clone is a Clone a git repository Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview git-pull-or-clone is an Ensure a git repo exists on disk and that it's up-to-date Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to the use of the --upload-pack feature of git which is also supporte...

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to an incomplete fix of CVE-2022-24433 which only patches...

libvcs Command Injection Vulnerability

libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the updaterepo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...

CVE-2022-21187

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

CVE-2022-21187

The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

PT-2022-14911 · Libvcs · Libvcs

Name of the Vulnerable Software and Affected Versions: libvcs versions prior to 0.11.1 Description: The issue concerns Command Injection via argument injection. When the update repo function is called, specifically when using hg, the url parameter is passed to the hg clone command. This allows fo...

libvcs 参数注入漏洞

libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the updaterepo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...

Command Injection

Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the newgogetter.HgGetter.get function, the dst parameter is...

transferredAmount on mainnet can be drained if a malicious account can mint more tokens on Schain

Lines of code Vulnerability details Impact Anyone on Schain that is able to mint more tokens, other than the mint action from postMessage in tokenManagerERC20 by bridging tokens over, can potentially drain the locked tokens in transferredAmount in depositBoxERC20 on mainnet by calling exit with t...

Bypassing Apple’s AirTag Security

A Berlin-based company has developed an AirTag clone that bypasses Apples anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apples anti-stalker security only works with iPhones. Apple wrote an Android app that...

CVE-2022-24975

The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by...