Lucene search
K

26 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1732

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.01781EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1661

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.02713EPSS
Exploits0References8
CNVD
CNVD
added 2022/04/05 12:0 a.m.22 views

cocoapods-downloader command injection vulnerability

cocoapods-downloader is a small library. It is used to download files from remote controls in folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...

9.8CVSS3.5AI score0.01781EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/04/02 12:0 a.m.26 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8CVSS2.5AI score0.01781EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/02 12:0 a.m.27 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS4.1AI score0.02713EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/04/02 12:0 a.m.44 views

GHSA-G397-V4W5-4M79 Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS9.9AI score0.01781EPSS
Exploits0References5
OSV
OSV
added 2022/04/02 12:0 a.m.53 views

GHSA-7627-MP87-JF6Q Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

8.1CVSS9.9AI score0.02713EPSS
Exploits0References8
RubySec
RubySec
added 2022/04/02 12:0 a.m.12 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.5AI score0.02713EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/02 12:0 a.m.13 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8CVSS2.5AI score0.01781EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/04/01 6:15 p.m.11 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS0.02713EPSS
Exploits0References3
NVD
NVD
added 2022/04/01 6:15 p.m.18 views

CVE-2022-21223

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

9.8CVSS0.01781EPSS
Exploits0References2
Prion
Prion
added 2022/04/01 6:15 p.m.11 views

Command injection

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

7.5CVSS9.9AI score0.02713EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/04/01 6:15 p.m.12 views

Command injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

7.5CVSS9.9AI score0.01781EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/01 5:35 p.m.25 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS10AI score0.01781EPSS
Exploits0References2
OSV
OSV
added 2022/04/01 5:35 p.m.19 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS7.2AI score0.01781EPSS
Exploits0References4
CVE
CVE
added 2022/04/01 5:35 p.m.98 views

CVE-2022-21223

CVE-2022-21223 affects cocoapods-downloader prior to 1.6.2. The flaw is a Command Injection in the download path when using hg, where the URL and/or revision/branch are passed to the hg clone command, allowing extra flags to be injected. Affected component: cocoapods-downloader (Ruby gem). Root c...

9.8CVSS9.4AI score0.01781EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/01 5:35 p.m.18 views

CVE-2022-24440 Command Injection

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

8.1CVSS10AI score0.02713EPSS
Exploits0References3
OSV
OSV
added 2022/04/01 5:35 p.m.16 views

CVE-2022-24440 Command Injection

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

8.1CVSS7.2AI score0.02713EPSS
Exploits0References5
CVE
CVE
added 2022/04/01 5:35 p.m.112 views

CVE-2022-24440

CVE-2022-24440 affects cocoapods-downloader: versions before 1.6.0, and 1.6.2 and before 1.6.3, are vulnerable to Command Injection via git argument injection in Pod::Downloader.preprocess_options, where git and branch are passed to git ls-remote enabling extra flags for injection. This could all...

9.8CVSS9.4AI score0.02713EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/01 5:32 p.m.11 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.2AI score0.02713EPSS
Exploits0References4
Rows per page
Query Builder