CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
Design/Logic Flaw
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
EUVD-2022-1441
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
PT-2022-17499 · Ungit · Ungit
Name of the Vulnerable Software and Affected Versions: ungit versions prior to 1.5.20 Description: The issue occurs when calling the "/api/fetch" endpoint, where user-controlled values remote and ref are passed to the git fetch command. By injecting some git options, it is possible to get arbitra...
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
...
SUSE: Security Advisory (SUSE-SU-2022:0826-1)
The remote host is missing an update for the...
GHSA-3F95-R44V-8MRG Command injection in simple-git
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...
ALPINE-CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...
AZL-44427 CVE-2022-0908 affecting package openjpeg2 2.3.1-12
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...
AZL-9021 CVE-2022-0908 affecting package libtiff for versions less than 4.3.0-2
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...
UBUNTU-CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file...
CVE-2022-24433
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
CVE-2022-24433 Command Injection
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
CVE-2022-24433
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
Command Injection
Overview: git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, t...
Command Injection
Overview: workspace-tools is a JS Monorepo Workspace Tools. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters ar...
Command Injection
Overview: simple-git is a lightweight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are...
PT-2022-16694 · Unknown · Simple-Git
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.3.0 Description: The issue allows for Command Injection via argument injection. When calling the fetch function with parameters remote, branch, and handlerFn, both the remote and branch parameters are passed to...
simple-git-hooks parameter injection vulnerability
simple-git-hooks is an application. A simple git hooks manager for small projects. A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetch(remote, branch, handlerFn) function is called, both the remote and branch parameters are passed to the git...