Lucene search
+L

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.45 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
CVE
CVE
added 2022/12/12 1:49 a.m.122 views

CVE-2022-25912

CVE-2022-25912 affects the Node.js simple-git module prior to 3.16.0, with remote code execution via the ext transport protocol during clone() (incomplete fix of CVE-2022-24066). Several connected sources corroborate RCE via clone()/pull()/push()/listRemote() paths when input is crafted, with exp...

9.8CVSS9.1AI score0.02784EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2022/12/08 3:15 a.m.32 views

Remote Code Execution (RCE)

simple-git is vulnerable to remote code execution.The vulnerability exists in the clone function of git.js because of enabling the ext transport protocol which allows an attacker to inject and execute arbitrary codes into the system. This is an incomplete fix of CVE-2022-24066...

9.8CVSS9.4AI score0.04067EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/06 6:30 a.m.37 views

simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol

The package simple-git before 3.15.0 is vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...

9.8CVSS4.5AI score0.02784EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2022/04/01 8:15 p.m.32 views

CVE-2022-24066

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

9.8CVSS0.04067EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/04/01 8:0 p.m.48 views

CVE-2022-24066 Command Injection

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

8.1CVSS10AI score0.04067EPSS
Exploits1References4
CVE
CVE
added 2022/04/01 8:0 p.m.142 views

CVE-2022-24066

The CVE-2022-24066 issue affects the simple-git package prior to version 3.5.0, where command injection is possible due to an incomplete fix of CVE-2022-24433 and exposure via --upload-pack during fetch and an analogous path for git clone. Affected software: simple-git (Node.js). Root cause: inco...

9.8CVSS9.2AI score0.04067EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/04/01 8:0 p.m.21 views

CVE-2022-24066 Command Injection

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

8.1CVSS7.2AI score0.04067EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/04/01 8:0 p.m.3 views

CVE-2022-24066

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

9.8CVSS5.5AI score0.04067EPSS
Exploits1References5
Rows per page
Query Builder