24 matches found
EUVD-2022-2257
Malicious code in bioql PyPI...
EUVD-2021-32802
Malicious code in bioql PyPI...
SUSE CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
Command Injection
git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...
GHSA-3X62-X456-Q2VM OS Command Injection in git-pull-or-clone
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
@gotoeasy/count-line-cli (>=1.0.7 <=1.1.5), @pingy/cli (>=0.10.0 <=0.11.2) +5 more potentially affected by CVE-2022-24437 via git-pull-or-clone (>=1.1.0 <=1.3.0)
git-pull-or-clone NPM version =1.1.0, =1.0.7, =0.10.0, =8.0.0, =0.7.8, =0.5.0, =0.1.0, =1.0.1, =1.0.11 Source cves: CVE-2022-24437 Source advisory: OSV:GHSA-3X62-X456-Q2VM...
OS Command Injection in git-pull-or-clone
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
CVE-2022-24437
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
Command injection
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
CVE-2022-24437 Command Injection
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
CVE-2022-24437
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
PT-2022-16696 · Git +1 · Git +1
Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2 Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...
git-pull-or-clone 参数注入漏洞
git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview git-pull-or-clone is an Ensure a git repo exists on disk and that it's up-to-date Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to the use of the --upload-pack feature of git which is also supporte...
CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
ALPINE-CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
Design/Logic Flaw
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
CVE-2021-46101
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly...
Git 安全漏洞
Git is a free, open source distributed version control system. Git for windows has a security vulnerability that stems from updating local repositories using Git pull in Git for windows up to 2.34.1, which Git. CMD can run directly...