Lucene search
K

6 matches found

vulnersosv
vulnersosv
added 2026/04/13 4:35 p.m.8 views

1508-cli (>=1.0.4 <=1.0.6), 3extensions (=1.0.1) +4899 more potentially affected by CVE-2022-25860 +1 more via simple-git (>=0.10.0 <=3.31.1)

simple-git NPM version =0.10.0, =1.0.4, =1.0.0, =0.0.80, =1.0.0, =2.0.0, =0.0.0, =0.0.1, =0.0.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.1.16 and more Source cves: CVE-2022-25860, CVE-2026-28291 Source advisory: OSV:GHSA-JCXM-M3JX-F287...

9.8CVSS7.2AI score0.02712EPSS
Exploits2
ibm
ibm
added 2024/08/05 8:42 p.m.30 views

Security Bulletin: IBM Storage Ceph is vulnerable to OS Command Injection in Grafana (CVE-2022-25912, CVE-2022-25860, CVE-2022-25908)

Summary Simple Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2022-25912, CVE-2022-25860, CVE-2022-25908. Vulnerability Details CVEID:CVE-2022-25912 DESCRIPTION: Node.js simple-git module cou...

9.8CVSS8.8AI score0.02784EPSS
Exploits3Affected Software1
vulnersosv
vulnersosv
added 2023/01/26 9:30 p.m.4 views

1508-cli (>=1.0.4 <=1.0.6), 40banner (>=1.0.0 <=1.1.2) +4524 more potentially affected by CVE-2022-25860 via simple-git (>=0.10.0 <=3.15.1)

simple-git NPM version =0.10.0, =1.0.4, =1.0.0, =0.0.80, =1.0.0, =2.0.0, =0.0.0, =0.0.1, =0.0.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.1.16 and more Source cves: CVE-2022-25860 Source advisory: OSV:GHSA-9W5J-4MWV-2WJ8...

9.8CVSS7.2AI score0.02712EPSS
Exploits1
vulnrichment
vulnrichment
added 2023/01/24 5:0 a.m.6 views

CVE-2022-25860

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

8.1CVSS7.9AI score0.02712EPSS
Exploits1References3
cve
cve
added 2023/01/24 5:0 a.m.109 views

CVE-2022-25860

The CVE-2022-25860 entry concerns the simple-git package. Versions before 3.16.0 are vulnerable to Remote Code Execution via clone(), pull(), push(), and listRemote() due to improper input sanitization, tied to an incomplete fix of CVE-2022-25912. CERT/OSV/NVD/IBM/Red Hat references confirm the i...

9.8CVSS9.7AI score0.02712EPSS
Exploits1References3Affected Software1
vulnersosv
vulnersosv
added 2022/12/20 1:16 p.m.4 views

@51jbs/incremental-coverage-plugin (=1.0.5), @51jbs/spec-plugin (=2.0.0) +98 more potentially affected by CVE-2022-25860 +1 more via simple-git (>=3.0.3 <=3.15.1)

simple-git NPM version =3.0.3, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =5.26.6, =14.24.1, =2.0.0, =0.0.64, =1.0.1-beta.0, =2.2.0, =2.3.2 and more Source cves: CVE-2022-25860, CVE-2022-25912 Source advisory: SNYK:JS-SIMPLEGIT-3177391...

9.8CVSS7.2AI score0.02784EPSS
Exploits2
Rows per page
Query Builder