
16 matches found

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-6025

Malicious code in bioql PyPI...

9.8 CVSS · 9.4 AI score · 0.02518 EPSS
Exploits: 1 · References: 5

Veracode
added 2022/06/13 8:18 a.m. · 15 views

Command Injection

git-promise is vulnerable to command injection. The vulnerability exists in index.js due to an inappropriate fix for another vulnerability which allows an attacker to inject and execute arbitrary commands...

9.8 CVSS · 9.5 AI score · 0.02518 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

vulnersOsv
added 2022/06/11 12:00 a.m. · 0 views

@apsis/cli (=0.5.0), @asmallstudio/utilities (>=0.2.2 <=0.3.3) +121 more potentially affected by CVE-2022-24376 via git-promise (>=0.2.0 <=1.0.0)

git-promise NPM version =0.2.0, =0.2.2, =1.1.8, =1.0.0, =2.0.0-beta.10, =1.0.13, =1.0.0, =0.0.8, =1.1.1 - @efox/eslint-config-react-prittier-ts =1.0.19 - @efox/pay =1.0.8 - @efox/plugin-babel-react =1.0.1 - @emfc/emfc-cli =1.1.0 and more Source cves: CVE-2022-24376 Source advisory:...

9.8 CVSS · 7.2 AI score · 0.02518 EPSS
Exploits: 1

OSV
added 2022/06/11 12:00 a.m. · 0 views

GHSA-CHJ3-F7XW-367M OS Command Injection in git-promise

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. Credits @lirantal for discoveri...

7.2 CVSS · 5.9 AI score · 0.02518 EPSS
Exploits: 1 · References: 5

Github Security Blog
added 2022/06/11 12:00 a.m. · 19 views

OS Command Injection in git-promise

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. Credits @lirantal for discoveri...

9.8 CVSS · 4.6 AI score · 0.02518 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2022/06/10 8:15 p.m. · 5 views

CVE-2022-24376

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue...

9.8 CVSS · 0.02518 EPSS
Exploits: 1 · References: 2

Prion
added 2022/06/10 8:15 p.m. · 16 views

Command injection

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue...

7.5 CVSS · 9.6 AI score · 0.02518 EPSS
Exploits: 1 · References: 2

Cvelist
added 2022/06/10 8:05 p.m. · 10 views

CVE-2022-24376 Command Injection

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue...

7.2 CVSS · 9.8 AI score · 0.02518 EPSS
Exploits: 1 · References: 2

CVE
added 2022/06/10 8:05 p.m. · 68 views

CVE-2022-24376

CVE-2022-24376 (git-promise) is a command-injection vulnerability affecting all versions of the package due to an inappropriate fix of a prior issue. The available documents consistently state that there is no fixed version and that the README contains a warning about this vulnerability. The prac...

9.8 CVSS · 8.5 AI score · 0.02518 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

ATTACKERKB
added 2022/06/10 8:00 p.m. · 1 views

CVE-2022-24376

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue...

9.8 CVSS · 7.3 AI score · 0.02518 EPSS
Exploits: 1 · References: 3

CNNVD
added 2022/06/10 12:00 a.m. · 1 views

git-promise Parameter Injection Vulnerability

git-promise is a simple wrapper. Run any git command with a more intuitive syntax. A parameter injection vulnerability exists in all versions of git-promise due to the use of space-splitting in the logic used to separate command parameters in pull requests...

9.8 CVSS · 8.4 AI score · 0.02518 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2022/06/10 12:00 a.m. · 1 views

PT-2022-16654 · Unknown · Git-Promise

Name of the Vulnerable Software and Affected Versions: git-promise versions all. Description: The issue is related to Command Injection due to an inappropriate fix of a prior vulnerability in the git-promise package. The README file was updated with a warning regarding this issue. It is noted that...

9.8 CVSS · 9.4 AI score · 0.02518 EPSS
Exploits: 1 · References: 7

Snyk
added 2022/03/28 10:53 a.m. · 1 views

Command Injection

Overview: git-promise is a simple wrapper that allows you to run any git command using a more intuitive syntax. Affected versions of this package are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will...

9.8 CVSS · 7.2 AI score · 0.02518 EPSS
Exploits: 1 · References: 2

vulnersOsv
added 2022/03/28 10:53 a.m. · 1 views

@apsis/cli (=0.5.0), @asmallstudio/utilities (>=0.2.2 <=0.3.3) +121 more potentially affected by CVE-2022-24376 via git-promise (>=0.2.0 <=1.0.0)

git-promise NPM version =0.2.0, =0.2.2, =1.1.8, =1.0.0, =2.0.0-beta.10, =1.0.13, =1.0.0, =0.0.8, =1.1.1 - @efox/eslint-config-react-prittier-ts =1.0.19 - @efox/pay =1.0.8 - @efox/plugin-babel-react =1.0.1 - @emfc/emfc-cli =1.1.0 and more Source cves: CVE-2022-24376 Source advisory:...

9.8 CVSS · 7.2 AI score · 0.02518 EPSS
Exploits: 1

Veracode
added 2020/04/27 4:20 a.m. · 8 views

OS Command Injection

git-promise is vulnerable to OS command injection. User input is not validated and sanitized before being passed to the git function and executed...

2.9 AI score
Exploits: 0

Hacker One
added 2019/11/02 10:35 p.m. · 16 views

Node.js third-party modules: [git-promise] RCE via insecure command formatting

I would like to report an RCE issue in the git-promise module. It allows executing arbitrary commands remotely inside the victim's PC. Module: module name: git-promise, version: 0.3.1, npm page: https://www.npmjs.com/package/git-promise. Module Description: Simple wrapper that allows you to run any git...

1.2 AI score
Exploits: 0