Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1593

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.04067EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.42 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
Veracode
Veracode
added 2022/04/04 7:25 a.m.29 views

Command Injection

simple-git is vulnerable to command injection. The vulnerability exists in cloneTask function in clone.ts due to the use of --upload-pack in git.clone which allows an attacker to inject and execute arbitrary codes. This is possible due to an incomplete fix of CVE-2022-24433...

9.8CVSS4.7AI score0.04067EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/04/02 12:0 a.m.37 views

GHSA-28XR-MWXG-3QC8 Command injection in simple-git

simple-git maintained as git-js named repository on GitHub is a light weight interface for running git commands in any node.js application.The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...

8.1CVSS9.2AI score0.04067EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/04/02 12:0 a.m.72 views

Command injection in simple-git

simple-git maintained as git-js named repository on GitHub is a light weight interface for running git commands in any node.js application.The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...

9.8CVSS1.7AI score0.04067EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2022/04/01 8:15 p.m.20 views

Command injection

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

7.5CVSS9.7AI score0.04067EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/03/12 12:0 a.m.5 views

1508-cli (>=1.0.4 <=1.0.6), 2context (>=0.1.0 <=0.2.0) +12268 more potentially affected by CVE-2022-24433 via simple-git (>=0.10.0 <=3.36.0)

simple-git NPM version =0.10.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =0.16.0, =0.0.80, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =1.33.0 and more Source cves: CVE-2022-24433 Source advisory: OSV:GHSA-3F95-R44V-8MRG...

9.8CVSS7.1AI score0.03584EPSS
Exploits0
NVD
NVD
added 2022/03/11 5:16 p.m.35 views

CVE-2022-24433

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

9.8CVSS0.03584EPSS
Exploits0References4
CVE
CVE
added 2022/03/11 4:15 p.m.113 views

CVE-2022-24433

CVE-2022-24433 affects the Node.js module simple-git (pre-3.5.0) and allows command injection via argument injection in the fetch path. The vulnerability arises because remote/branch values passed to the git fetch subcommand can be manipulated to execute arbitrary commands; the issue also concern...

9.8CVSS9.4AI score0.03584EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/11 4:15 p.m.28 views

CVE-2022-24433 Command Injection

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

8.1CVSS7.3AI score0.03584EPSS
Exploits0References6
Rows per page
Query Builder