24 matches found
CVE-2022-24440
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...
PT-2022-16698
Name of the Vulnerable Software and Affected Versions cocoapods-downloader versions prior to 1.6.0 cocoapods-downloader versions 1.6.2 through 1.6.3 Description The issue concerns Command Injection via git argument injection. When the Pod::Downloader.preprocess options function is called and git ...
Command Injection
Overview cocoapods-downloader is an A small library for downloading files from remotes in a folder. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch...
CVE-2019-15000
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 the fixed version for 5.16.x , from 6.0.0 before 6.0.10 the fixed version for 6.0.x, from 6.1.0 before 6.1.8 the fixed version for 6.1.x, from 6.2.0 before 6.2.6 the fixed version for 6.2.x, from 6.3.0 before 6.3.5 t...