Lucene search
K

12 matches found

CVE
CVE
added 2026/04/25 5:0 a.m.72 views

CVE-2026-6951

CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...

9.8CVSS6.5AI score0.00877EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/03/10 6:38 p.m.7 views

GHSA-R275-FR43-PM7Q simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE

Summary The blockUnsafeOperationsPlugin in simple-git fails to block git protocol override arguments when the config key is passed in uppercase or mixed case. An attacker who controls arguments passed to git operations can enable the ext:: protocol by passing -c PROTOCOL.ALLOW=always, which...

9.8CVSS7.4AI score0.01296EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/03/07 8:3 p.m.7 views

org.webjars.npm:g-status (=2.0.2), org.webjars.npm:graphql-toolkit__git-loader (=0.7.5) potentially affected by CVE-2022-25912 +1 more via org.webjars.npm:simple-git (>=1.129.0 <=1.132.0)

org.webjars.npm:simple-git MAVEN version =1.129.0, =1.132.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:simple-git and may be impacted: - org.webjars.npm:g-status =2.0.2 - org.webjars.npm:graphql-toolkitgit-loader =0.7.5 Source cves...

9.8CVSS7.2AI score0.02784EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/07 8:3 p.m.7 views

3extensions (=1.0.1), @51jbs/incremental-coverage-plugin (=1.0.5) +534 more potentially affected by CVE-2022-25912 +1 more via simple-git (>=3.0.3 <=3.35.2)

simple-git NPM version =3.0.3, =1.0.1, =1.0.1, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =23.0.0, =35.0.0, =1.4.0, =0.1.5-alpha.0, =1.0.2, =0.0.0-aj-beta.221, =8.7.2, =8.11.4 and more Source cves: CVE-2022-25912, CVE-2026-6951 Source advisory: SNYK:JS-SIMPLEGIT-15456078...

9.8CVSS7.2AI score0.02784EPSS
Exploits2
Snyk
Snyk
added 2026/03/07 8:3 p.m.6 views

Remote Code Execution (RCE)

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrust...

9.8CVSS6.7AI score0.02784EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/05 8:42 p.m.30 views

Security Bulletin: IBM Storage Ceph is vulnerable to OS Command Injection in Grafana (CVE-2022-25912, CVE-2022-25860, CVE-2022-25908)

Summary Simple Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2022-25912, CVE-2022-25860, CVE-2022-25908. Vulnerability Details CVEID:CVE-2022-25912 DESCRIPTION: Node.js simple-git module cou...

9.8CVSS8.8AI score0.02784EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.43 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
OSV
OSV
added 2023/01/26 9:30 p.m.47 views

GHSA-9W5J-4MWV-2WJ8 Remote code execution in simple-git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

9.8CVSS9.1AI score0.02712EPSS
Exploits1References4
Prion
Prion
added 2023/01/26 9:15 p.m.19 views

Input validation

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

7.5CVSS9.7AI score0.02784EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2023/01/24 5:0 a.m.110 views

CVE-2022-25860

The CVE-2022-25860 entry concerns the simple-git package. Versions before 3.16.0 are vulnerable to Remote Code Execution via clone(), pull(), push(), and listRemote() due to improper input sanitization, tied to an incomplete fix of CVE-2022-25912. CERT/OSV/NVD/IBM/Red Hat references confirm the i...

9.8CVSS9.7AI score0.02712EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/12/20 1:16 p.m.4 views

@51jbs/incremental-coverage-plugin (=1.0.5), @51jbs/spec-plugin (=2.0.0) +98 more potentially affected by CVE-2022-25860 +1 more via simple-git (>=3.0.3 <=3.15.1)

simple-git NPM version =3.0.3, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =5.26.6, =14.24.1, =2.0.0, =0.0.64, =1.0.1-beta.0, =2.2.0, =2.3.2 and more Source cves: CVE-2022-25860, CVE-2022-25912 Source advisory: SNYK:JS-SIMPLEGIT-3177391...

9.8CVSS7.2AI score0.02784EPSS
Exploits2
CVE
CVE
added 2022/12/12 1:49 a.m.121 views

CVE-2022-25912

CVE-2022-25912 affects the Node.js simple-git module prior to 3.16.0, with remote code execution via the ext transport protocol during clone() (incomplete fix of CVE-2022-24066). Several connected sources corroborate RCE via clone()/pull()/push()/listRemote() paths when input is crafted, with exp...

9.8CVSS9.1AI score0.02784EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder