Command Injection

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are...

simple-git-hooks 参数注入漏洞

simple-git-hooks is an application. A simple git hooks manager for small projects A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetchremote, branch, handlerFn function is called, both the remote and branch parameters are passed to the git...

PT-2022-16694 · Unknown · Simple-Git

Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.3.0 Description: The issue allows for Command Injection via argument injection. When calling the fetch function with parameters remote, branch, and handlerFn, both the remote and branch parameters are passed to...

docker: command injection due to a missing validation of the git ref command

A command injection flaw was discovered in Docker during the docker build command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch/git checkout commands that are executed by Docker and to execute code with the...