28 matches found
EUVD-2024-2956
Malicious code in bioql PyPI...
EUVD-2024-3104
Malicious code in bioql PyPI...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
Command Injection
ggit is vulnerable to Command Injection. The vulnerability is due to user input being concatenated with a git command, which is then passed to the unsafe exec Node.js child process API. It allows an attacker to inject arbitrary commands...
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
@belym.a.2105/publish-please (>=2.4.0 <=2.4.1), @codefresh-io/docker-compose-environment (>=0.0.4 <=0.0.8) +93 more potentially affected by CVE-2024-21533 via ggit (>=0.0.4 <=2.4.12)
ggit NPM version =0.0.4, =2.4.0, =0.0.4, =0.0.12, =1.0.1, =0.1.5, =0.7.2, =4.1.6, =0.0.2, =0.7.3, =1.0.8, =1.0.0, =0.13.0, =1.4.0, =1.0.3, =1.2.0 and more Source cves: CVE-2024-21533 Source advisory: OSV:GHSA-PR45-CG4X-FF4M...
ggit is vulnerable to Command Injection via the fetchTags(branch) API
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
@belym.a.2105/publish-please (>=2.4.0 <=2.4.1), @codefresh-io/docker-compose-environment (>=0.0.4 <=0.0.8) +93 more potentially affected by CVE-2024-21532 via ggit (>=0.0.4 <=2.4.12)
ggit NPM version =0.0.4, =2.4.0, =0.0.4, =0.0.12, =1.0.1, =0.1.5, =0.7.2, =4.1.6, =0.0.2, =0.7.3, =1.0.8, =1.0.0, =0.13.0, =1.4.0, =1.0.3, =1.2.0 and more Source cves: CVE-2024-21532 Source advisory: OSV:GHSA-62CX-5XJ4-WFM4...
GHSA-62CX-5XJ4-WFM4 ggit is vulnerable to Command Injection via the fetchTags(branch) API
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
CVE-2024-21533
GGIT is affected across all versions by Arbitrary Argument Injection via the clone() API. The root cause is failure to sanitize user input and validate URL schemes, plus improper handling of git command-line flags (using -- to end options). Public details include a PoC from Snyk and a GitHub gist...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
CVE-2024-21532
The CVE-2024-21532 issue affects the npm package ggit. Affected versions allow Command Injection via fetchTags(branch): user input specifies the branch, which is concatenated into a git command that is passed to Node.js child_process.exec(), enabling potentially arbitrary commands. Root cause is ...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...
CVE-2024-21532
All versions of the package ggit are vulnerable to Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...