Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 12:1 a.m.6 views

@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)

workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: OSV:GHSA-5875-M6JQ-VF78...

9.8CVSS7.2AI score0.06798EPSS
Exploits1
NVD
NVD
added 2022/05/13 8:15 p.m.32 views

CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

9.8CVSS0.06798EPSS
Exploits1References3
OSV
OSV
added 2022/05/13 8:0 p.m.26 views

CVE-2022-25865 Command Injection

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

8.1CVSS7.2AI score0.06798EPSS
Exploits1References5
CVE
CVE
added 2022/05/13 8:0 p.m.83 views

CVE-2022-25865

The vulnerability affects the package workspace-tools prior to 0.18.4. The issue resides in the function fetchRemoteBranch(remote, remoteBranch, cwd) where both the remote and remoteBranch arguments are passed to the git fetch subcommand in a way that allows additional flags to be set, enabling a...

9.8CVSS9.4AI score0.06798EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/05/13 8:0 p.m.24 views

CVE-2022-25865 Command Injection

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

8.1CVSS10AI score0.06798EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/03/11 10:58 a.m.12 views

@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)

workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: SNYK:JS-WORKSPACETOOLS-2421201...

9.8CVSS7.2AI score0.06798EPSS
Exploits1
Rows per page
Query Builder