
164 matches found

Prion
added 2022/07/01 8:15 p.m. · 13 views

Command injection

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVSS 10 · AI score 9.7 · EPSS 0.04697
Exploits: 1 · References: 2
Cvelist
added 2022/07/01 8:5 p.m. · 17 views

CVE-2022-25900 Command Injection

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVSS 8.1 · AI score 9.9 · EPSS 0.04697
Exploits: 1 · References: 2
CVE
added 2022/07/01 8:5 p.m. · 88 views

CVE-2022-25900

CVE-2022-25900 affects the npm package git-clone. All versions are vulnerable to Command Injection due to insecure usage of git’s --upload-pack feature, as stated in the CVE description and corroborated by multiple connected sources. The root cause is improper handling/neutralization of arguments...

CVSS 10 · AI score 9.2 · EPSS 0.04697
Exploits: 1 · References: 2 · Affected Software: 1
ATTACKERKB
added 2022/07/01 8:0 p.m. · 0 views

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVSS 10 · AI score 7.2 · EPSS 0.04697
Exploits: 1 · References: 3
CNNVD
added 2022/07/01 12:0 a.m. · 1 views

git-clone parameter injection vulnerability

git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...

CVSS 10 · AI score 8.3 · EPSS 0.04697
Exploits: 1 · References: 3
Positive Technologies
added 2022/07/01 12:0 a.m. · 1 views

PT-2022-17595

Name of the Vulnerable Software and Affected Versions: git-clone affected versions not specified
Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...

CVSS 10 · AI score 9.6 · EPSS 0.04697
Exploits: 1 · References: 9
GithubExploit
added 2022/06/03 1:52 p.m. · 264 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

Confluence RCE CVE-2022-26134 Exploit Detection Pre-requ...

CVSS 9.8 · AI score 9.3 · EPSS 0.94408
Exploits: 75
OSV
added 2022/05/03 12:0 a.m. · 27 views

GHSA-3X62-X456-Q2VM OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

CVSS 9.8 · AI score 9.8 · EPSS 0.10388
Exploits: 1 · References: 5
Github Security Blog
added 2022/05/03 12:0 a.m. · 31 views

OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

CVSS 9.8 · AI score 1.5 · EPSS 0.10388
Exploits: 1 · References: 5 · Affected Software: 1
Prion
added 2022/05/01 4:15 p.m. · 8 views

Command injection

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

CVSS 7.5 · AI score 10 · EPSS 0.10388
Exploits: 1 · References: 3 · Affected Software: 1
ATTACKERKB
added 2022/05/01 3:19 p.m. · 3 views

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

CVSS 9.8 · AI score 7.4 · EPSS 0.10388
Exploits: 1 · References: 4
Veracode
added 2022/04/25 4:19 a.m. · 20 views

OS Command Injection

git-interface is vulnerable to OS command injection. When a user uses git clone feature, the use of command-line-argument --upload-pack with a valid directory on disk allows the destination directory to clone a repository too...

CVSS 9.8 · AI score 1.9 · EPSS 0.08545
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2022/04/23 12:3 a.m. · 15 views

GHSA-QFFW-8WG7-H665 Command injection in git-interface

A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an --upload-pack command-line argument feature of git is also supported for git...

CVSS 9.8 · AI score 9.8 · EPSS 0.08545
Exploits: 1 · References: 4
ATTACKERKB
added 2022/04/22 6:15 p.m. · 2 views

CVE-2022-1440

Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...

CVSS 10 · EPSS 0.08545
Exploits: 1 · References: 3
OSV
added 2022/04/02 12:0 a.m. · 34 views

GHSA-28XR-MWXG-3QC8 Command injection in simple-git

simple-git, maintained as the git-js repository on GitHub, is a lightweight interface for running git commands in any node.js application. The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...

CVSS 8.1 · AI score 9.2 · EPSS 0.0302
Exploits: 1 · References: 7
Prion
added 2022/04/01 8:15 p.m. · 13 views

Command injection

The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

CVSS 7.5 · AI score 9.7 · EPSS 0.0302
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2022/04/01 8:0 p.m. · 25 views

CVE-2022-24066 Command Injection

The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

CVSS 8.1 · AI score 10 · EPSS 0.0302
Exploits: 1 · References: 4
Positive Technologies
added 2022/04/01 12:0 a.m. · 2 views

PT-2022-16447 · Unknown · Simple-Git

Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.5.0
Description: The issue arises from an incomplete fix of a previous command injection vulnerability, which only addressed the git fetch attack vector. The --upload-pack feature of git, also supported for git...

CVSS 9.8 · AI score 9.4 · EPSS 0.0302
Exploits: 1 · References: 14
vulnersOsv
added 2022/03/28 10:43 a.m. · 1 views

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +13402 more potentially affected by CVE-2022-25900 via git-clone (>=0.0.2 <=0.2.0)

git-clone NPM version =0.0.2, =1.0.0, =0.0.1, =1.0.0, =1.0.11 and more Source cves: CVE-2022-25900 Source advisory: SNYK:JS-GITCLONE-2434308...

CVSS 10 · AI score 7.2 · EPSS 0.04697
Exploits: 1
Snyk
added 2022/03/28 10:43 a.m. · 2 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview: git-clone is a Clone a git repository. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...

CVSS 10 · AI score 6.7 · EPSS 0.04697
Exploits: 1 · References: 2