PT-2022-20314

Name of the Vulnerable Software and Affected Versions Gitea versions 1.16.6 and prior Description The issue is related to the improper handling of git fetch, allowing for shell command injection. This is due to the lack of escaping for the git fetch remote. There is no information provided about...

gitea -- Escape git fetch remote

The Gitea team reports: Escape git fetch remote in services/migrations/giteauploader.go...

CVE-2022-25648

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVE-2022-25648

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

ruby-git 参数注入漏洞

ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls in git binaries. A security vulnerability exists in ruby-git, which stems from the fact that when the fetchremote = origin, opts = function is called, the remote argument is passed...

PT-2022-7286

Name of the Vulnerable Software and Affected Versions git versions prior to 1.11.0 Description The issue is related to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that...

Command injection

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

Remote Code Execution (RCE)

ungit is vulnerable to remote code execution. An attacker can inject and execute malicious git options through the user-controlled values in the git fetch command when calling the /api/fetch endpoint...

GHSA-HF8C-XR89-VFM5 Command Injection in ungit

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

Command Injection in ungit

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

CVE-2022-25766

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

Design/Logic Flaw

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

EUVD-2022-1441

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

PT-2022-17499 · Ungit · Ungit

Name of the Vulnerable Software and Affected Versions: ungit versions prior to 1.5.20 Description: The issue occurs when calling the "/api/fetch" endpoint, where user-controlled values remote and ref are passed to the git fetch command. By injecting some git options, it is possible to get arbitra...

GHSA-3F95-R44V-8MRG Command injection in simple-git

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...

CVE-2022-24433

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

CVE-2022-24433 Command Injection

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

CVE-2022-24433

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

Command Injection

Overview git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, t...

Command Injection

Overview workspace-tools is a JS Monorepo Workspace Tools. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters ar...