@gotoeasy/count-line-cli (>=1.0.7 <=1.1.5), @pingy/cli (>=0.10.0 <=0.11.2) +5 more potentially affected by CVE-2022-24437 via git-pull-or-clone (>=1.1.0 <=1.3.0)

git-pull-or-clone NPM version =1.1.0, =1.0.7, =0.10.0, =8.0.0, =0.7.8, =0.5.0, =0.1.0, =1.0.1, =1.0.11 Source cves: CVE-2022-24437 Source advisory: OSV:GHSA-3X62-X456-Q2VM...

PT-2022-16696 · Git +1 · Git +1

Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2 Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...

git-pull-or-clone 参数注入漏洞

git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...