4 matches found
CVE-2022-25866
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866 Command Injection
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866
CVE-2022-25866 affects the PHP Git library czproject/git-php prior to 4.0.3. The vulnerability lies in isRemoteUrlReadable($url, array $refs = NULL), where url and refs are passed to git ls-remote in a way that allows extra flags to be injected, enabling command execution. Documented impact is co...
CVE-2022-25866 Command Injection
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...