9 matches found
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
CVE-2022-25912
CVE-2022-25912 affects the Node.js simple-git module prior to 3.16.0, with remote code execution via the ext transport protocol during clone() (incomplete fix of CVE-2022-24066). Several connected sources corroborate RCE via clone()/pull()/push()/listRemote() paths when input is crafted, with exp...
Remote Code Execution (RCE)
simple-git is vulnerable to remote code execution.The vulnerability exists in the clone function of git.js because of enabling the ext transport protocol which allows an attacker to inject and execute arbitrary codes into the system. This is an incomplete fix of CVE-2022-24066...
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
The package simple-git before 3.15.0 is vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
CVE-2022-24066
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
CVE-2022-24066
The CVE-2022-24066 issue affects the simple-git package prior to version 3.5.0, where command injection is possible due to an incomplete fix of CVE-2022-24433 and exposure via --upload-pack during fetch and an analogous path for git clone. Affected software: simple-git (Node.js). Root cause: inco...
CVE-2022-24066 Command Injection
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
CVE-2022-24066 Command Injection
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
CVE-2022-24066
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...