Lucene search
K

26 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1732

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.01781EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1661

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.02713EPSS
Exploits0References8
CNVD
CNVD
added 2022/04/05 12:0 a.m.21 views

cocoapods-downloader command injection vulnerability

cocoapods-downloader is a small library. It is used to download files from remote controls in folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...

9.8CVSS3.5AI score0.01781EPSS
Exploits0References1
OSV
OSV
added 2022/04/02 12:0 a.m.52 views

GHSA-7627-MP87-JF6Q Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

8.1CVSS9.9AI score0.02713EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/04/02 12:0 a.m.27 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS4.1AI score0.02713EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/02 12:0 a.m.26 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8CVSS2.5AI score0.01781EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/04/02 12:0 a.m.44 views

GHSA-G397-V4W5-4M79 Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS9.9AI score0.01781EPSS
Exploits0References5
RubySec
RubySec
added 2022/04/02 12:0 a.m.13 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8CVSS2.5AI score0.01781EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/02 12:0 a.m.12 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.5AI score0.02713EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/04/01 6:15 p.m.18 views

CVE-2022-21223

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8CVSS0.01781EPSS
Exploits0References2
NVD
NVD
added 2022/04/01 6:15 p.m.11 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS0.02713EPSS
Exploits0References3
Prion
Prion
added 2022/04/01 6:15 p.m.12 views

Command injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

7.5CVSS9.9AI score0.01781EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/04/01 6:15 p.m.11 views

Command injection

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

7.5CVSS9.9AI score0.02713EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/04/01 5:35 p.m.25 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS10AI score0.01781EPSS
Exploits0References2
CVE
CVE
added 2022/04/01 5:35 p.m.98 views

CVE-2022-21223

CVE-2022-21223 affects cocoapods-downloader prior to 1.6.2. The flaw is a Command Injection in the download path when using hg, where the URL and/or revision/branch are passed to the hg clone command, allowing extra flags to be injected. Affected component: cocoapods-downloader (Ruby gem). Root c...

9.8CVSS9.4AI score0.01781EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/04/01 5:35 p.m.19 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS9.9AI score0.01781EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/04/01 5:35 p.m.18 views

CVE-2022-24440 Command Injection

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

8.1CVSS10AI score0.02713EPSS
Exploits0References3
CVE
CVE
added 2022/04/01 5:35 p.m.112 views

CVE-2022-24440

CVE-2022-24440 affects cocoapods-downloader: versions before 1.6.0, and 1.6.2 and before 1.6.3, are vulnerable to Command Injection via git argument injection in Pod::Downloader.preprocess_options, where git and branch are passed to git ls-remote enabling extra flags for injection. This could all...

9.8CVSS9.4AI score0.02713EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/01 5:35 p.m.15 views

CVE-2022-24440 Command Injection

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

8.1CVSS9.9AI score0.02713EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/01 5:32 p.m.11 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.2AI score0.02713EPSS
Exploits0References4
Rows per page
Query Builder