7 matches found
EUVD-2024-3104
Malicious code in bioql PyPI...
EUVD-2024-2956
Malicious code in bioql PyPI...
Command Injection
ggit is vulnerable to Command Injection. The vulnerability is due to user input being concatenated with a git command, which is then passed to the unsafe exec Node.js child process API. It allows an attacker to inject arbitrary commands...
@belym.a.2105/publish-please (>=2.4.0 <=2.4.1), @codefresh-io/docker-compose-environment (>=0.0.4 <=0.0.8) +93 more potentially affected by CVE-2024-21533 via ggit (>=0.0.4 <=2.4.12)
ggit NPM version =0.0.4, =2.4.0, =0.0.4, =0.0.12, =1.0.1, =0.1.5, =0.7.2, =4.1.6, =0.0.2, =0.7.3, =1.0.8, =1.0.0, =0.13.0, =1.4.0, =1.0.3, =1.2.0 and more
Source cves: CVE-2024-21533
Source advisory: OSV:GHSA-PR45-CG4X-FF4M...
PT-2024-18946
Name of the Vulnerable Software and Affected Versions: ggit versions all
Description: The issue concerns Command Injection via the fetchTagsbranch API, which allows user input to specify the branch to be fetched. This input is then concatenated with a git command and passed to the unsafe exec Node....
@belym.a.2105/publish-please (>=2.4.0 <=2.4.1), @codefresh-io/docker-compose-environment (>=0.0.4 <=0.0.8) +112 more potentially affected by CVE-2024-21532 via ggit (>=0.0.4 <=2.4.9)
ggit NPM version =0.0.4, =2.4.0, =0.0.4, =0.0.12, =1.0.1, =0.1.5, =0.0.190, =1.1.2, =0.7.2, =0.1.0, =4.1.6, =0.1.0, =0.0.2, =0.7.3, =0.10.71 and more
Source cves: CVE-2024-21532
Source advisory: SNYK:JS-GGIT-5731320...
@belym.a.2105/publish-please (>=2.4.0 <=2.4.1), @codefresh-io/docker-compose-environment (>=0.0.4 <=0.0.8) +112 more potentially affected by CVE-2024-21533 via ggit (>=0.0.4 <=2.4.9)
ggit NPM version =0.0.4, =2.4.0, =0.0.4, =0.0.12, =1.0.1, =0.1.5, =0.0.190, =1.1.2, =0.7.2, =0.1.0, =4.1.6, =0.1.0, =0.0.2, =0.7.3, =0.10.71 and more
Source cves: CVE-2024-21533
Source advisory: SNYK:JS-GGIT-5731319...