EUVD-2020-0294

Malware in sbrugna...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

OS command injection in git-diff-apply

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

GHSA-84CM-V6JP-GJMR OS command injection in git-diff-apply

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

git-diff-apply OS Command Injection Vulnerability

git-diff-apply is a package for getting git diff files and applying them to local branches. An operating system command injection vulnerability exists in the index.js file in versions of git-diff-apply prior to 0.22.2. The vulnerability stems from a network system or product not properly filterin...

OS Command Injection

git-diff-apply is vulnerable to OS command injection. Lack of validation and sanitization of the remoteUrl parameter allows an attacker to inject arbitrary OS command via the affected parameter that is subsequently used in utils.run as a git command...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

CVE-2019-10776

CVE-2019-10776 affects the package git-diff-apply prior to v0.22.2. The vulnerability stems from unvalidated input in index.js where a run() command is constructed from a user-controlled remoteUrl, enabling OS command injection. Impact could include remote code execution if untrusted input is sup...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

@gulpjs/update-template (>=0.1.0 <=0.2.1), @lblod/ember-rdfa-editor-stemming-module-plugin (>=0.1.0 <=0.1.3) +11 more potentially affected by CVE-2019-10776 via git-diff-apply (>=0.0.5 <=0.22.10)

git-diff-apply NPM version =0.0.5, =0.1.0, =0.1.0, =0.8.0, =0.1.9, =0.0.1, =0.9.0, =0.2.2, =0.14.0, =3.0.0 Source cves: CVE-2019-10776 Source advisory: SNYK:JS-GITDIFFAPPLY-540774...

Command Injection

Overview git-diff-apply is a package that can be used to reach an unrelated remote repository to apply a git diff. Affected versions of this package are vulnerable to Command Injection. In "index.js" file, line 240, the run command executes the git command with an user controlled variable called...