Lucene search
+L

9 matches found

github
github
added 2022/04/26 12:0 a.m.35 views

Command injection in czproject/git-php

The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...

9.8CVSS4.1AI score0.03883EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2022/04/25 5:6 p.m.3 views

CVE-2022-25866

The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...

9.8CVSS7.2AI score0.03883EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/04/01 5:32 p.m.13 views

CVE-2022-24440

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.2AI score0.02713EPSS
Exploits0References4
snyk
snyk
added 2022/03/11 3:25 p.m.1 views

Command Injection

Overview czproject/git-php is a Library for work with Git repository in PHP. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the...

9.8CVSS7.3AI score0.03883EPSS
Exploits1References2
veracode
veracode
added 2020/06/19 3:53 a.m.28 views

OS Command Injection

jenkins-git-client-plugin is vulnerable to OS command injection via 'git ls-remote'...

8.8CVSS4AI score0.25779EPSS
Exploits1References4Affected Software1
redhat
redhat
added 2020/06/17 10:38 p.m.5 views

jenkins-git-client-plugin: OS command injection via 'git ls-remote'

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

8.8CVSS7.3AI score0.25779EPSS
Exploits1References5
redhat
redhat
added 2020/03/12 10:2 p.m.6 views

jenkins-git-client-plugin: OS command injection via 'git ls-remote'

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

8.8CVSS7.3AI score0.25779EPSS
Exploits1References5
redhat
redhat
added 2020/02/24 4:8 p.m.6 views

jenkins-git-client-plugin: OS command injection via 'git ls-remote'

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

8.8CVSS7.3AI score0.25779EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2019/09/12 12:0 a.m.5 views

PT-2019-11786 · Jenkins · Jenkins Git Client Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Client Plugin versions 2.8.4 and earlier Jenkins Git Client Plugin version 3.0.0-rc Description: The issue results from improper restriction of values passed as URL arguments to an invocation of git ls-remote, leading to OS comman...

8.8CVSS8.8AI score0.25779EPSS
Exploits1References8
Rows per page
Query Builder