9 matches found
Command injection in czproject/git-php
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-24440
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...
Command Injection
Overview czproject/git-php is a Library for work with Git repository in PHP. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the...
OS Command Injection
jenkins-git-client-plugin is vulnerable to OS command injection via 'git ls-remote'...
jenkins-git-client-plugin: OS command injection via 'git ls-remote'
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
jenkins-git-client-plugin: OS command injection via 'git ls-remote'
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
jenkins-git-client-plugin: OS command injection via 'git ls-remote'
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
PT-2019-11786 · Jenkins · Jenkins Git Client Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Client Plugin versions 2.8.4 and earlier Jenkins Git Client Plugin version 3.0.0-rc Description: The issue results from improper restriction of values passed as URL arguments to an invocation of git ls-remote, leading to OS comman...