15 matches found
CVE-2026-28292
simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...
CVE-2022-1440
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
CVE-2023-2013
Removed by vendor...
SUSE CVE-2016-1900
CRLF injection vulnerability in the cgitprinthttpheaders function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting XSS attacks via newline...
Command injection in git-interface
A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an --upload-pack command-line argument feature of git is also supported for git...
gitboost (>=0.0.5 <=0.0.6) potentially affected by CVE-2022-1440 via git-interface (=0.1.9)
git-interface NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on git-interface and may be impacted: - gitboost =0.0.5, =0.0.6 Source cves: CVE-2022-1440 Source advisory: OSV:GHSA-QFFW-8WG7-H665...
GHSA-QFFW-8WG7-H665 Command injection in git-interface
A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an --upload-pack command-line argument feature of git is also supported for git...
CVE-2022-1440
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
CVE-2022-1440
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
CVE-2022-1440 Command Injection vulnerability in [email protected] in yarkeev/git-interface
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
CVE-2022-1440 Command Injection vulnerability in [email protected] in yarkeev/git-interface
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
CVE-2022-1440
CVE-2022-1440 affects git-interface in yarkeev/git-interface prior to 2.1.2. The root cause is lack of input filtering for the git clone path and the --upload-pack argument, enabling command execution on the host when both the remote and destination are provided by user input. Consequences descri...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview git-interface is an interface to work with a git repository in node.js Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'. The API may be abused if user input is able to provide a valid directory on disk an...
git-interface 操作系统命令注入漏洞
git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...
Command Injection vulnerability in [email protected]
Command Injection vulnerability in [email protected] git-interface describes itself as a Interface to work with a git repository in node.js Resources: Project's GitHub source code: https://github.com/yarkeev/git-interface Project's npm package: https://www.npmjs.com/package/git-interface I'm...