2 matches found
CVE-2022-24440 Command Injection
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...
CVE-2022-24440
CVE-2022-24440 affects cocoapods-downloader: versions before 1.6.0, and 1.6.2 and before 1.6.3, are vulnerable to Command Injection via git argument injection in Pod::Downloader.preprocess_options, where git and branch are passed to git ls-remote enabling extra flags for injection. This could all...