11 matches found
CVE-2020-7630
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...
EUVD-2022-1039
Malicious code in bioql PyPI...
OS Command Injection in git-add-remote
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...
GHSA-H9V8-RM3M-5H5F OS Command Injection in git-add-remote
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...
generate-gh-repo (=1.1.0), generate-project (>=0.7.0 <=1.0.0) +1 more potentially affected by CVE-2020-7630 via git-add-remote (=1.0.0)
git-add-remote NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-add-remote and may be impacted: - generate-gh-repo =1.1.0 - generate-project =0.7.0, =1.0.4, =1.0.6 Source cves: CVE-2020-7630 Source advisory: OSV:GHSA-H9V8-RM3M-5H5...
git-add-remote command injection vulnerability
git-add-remote is a package for adding Git remote repositories. An injection vulnerability exists in git-add-remote 1.0.0 and earlier versions, which stems from a lack of proper validation of user input. A remote attacker can exploit this vulnerability by sending a specially crafted 'name'...
CVE-2020-7630
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...
CVE-2020-7630
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...
CVE-2020-7630
The CVE-2020-7630 entry concerns git-add-remote up to version 1.0.0 with a command-injection flaw: an attacker can execute arbitrary commands via the name argument. The connected sources corroborate the RCE potential but provide no remediation or patch details in the supplied documents.
Command Injection
Overview: git-add-remote is an API for adding git remotes. Affected versions of this package are vulnerable to Command Injection. The argument name can be controlled by users without any sanitization. PoC: var root = require"git-add-remote"; var payload = "& touch Song"; rootpayload,'',function;...
generate-gh-repo (=1.1.0), generate-project (>=0.7.0 <=1.0.0) +1 more potentially affected by CVE-2020-7630 via git-add-remote (=1.0.0)
git-add-remote NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-add-remote and may be impacted: - generate-gh-repo =1.1.0 - generate-project =0.7.0, =1.0.4, =1.0.6 Source cves: CVE-2020-7630 Source advisory:...