9928 matches found
Command Injection
Overview @context-sync/server is an Universal Context layer McP server Affected versions of this package are vulnerable to Command Injection via the git-integration component. An attacker can execute arbitrary operating system commands by sending specially crafted input to the affected component...
EUVD-2026-25732
A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2026-7062
Technical details (affected products, components, patch info) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-7062 Intina47 context-sync Git Integration git-integration.ts os command injection
A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2026-7062 Intina47 context-sync Git Integration git-integration.ts os command injection
A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation leads to os command injection. The attack can be executed remotely. The exploit has been disclosed...
PT-2026-35269
Name of the Vulnerable Software and Affected Versions Intina47 context-sync versions prior to 2.0.0 Description A flaw in the Git Integration component, specifically within the src/git-integration.ts file, allows for remote OS command injection. This occurs when an attacker sends specially crafte...
Context Sync 命令注入漏洞
Context Sync is a local-first project memory tool developed by Mamba Personal Developer, based on MCP. Versions of Context Sync 2.0.0 and earlier had a command injection vulnerability, which originated from the os command injection present in the src/git-integration.ts file within the Git...
GitPython: Unsafe option check validates multi_options before shlex.split transformation
Summary clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but after split becomes "--branch", "main", "--config", "core.hooksPath=/x". Git applies the...
NPM: simple-git is vulnerable to Remote Code Execution
NPM: simple-git is vulnerable to Remote Code Execution vulnerability discovered by ? in WordPress Npm simple-git versions 3.36.0...
GHSA-HFFM-XVC3-VPRC simple-git is vulnerable to Remote Code Execution
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
simple-git is vulnerable to Remote Code Execution
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
1508-cli (>=1.0.4 <=1.0.6), 3extensions (=1.0.1) +4998 more potentially affected by CVE-2026-6951 via simple-git (>=0.10.0 <=3.35.2)
simple-git NPM version =0.10.0, =1.0.4, =1.0.0, =0.0.80, =1.0.0, =2.0.0, =0.0.0, =0.0.1, =0.0.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.1.16 and more Source cves: CVE-2026-6951 Source advisory: OSV:GHSA-HFFM-XVC3-VPRC...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
EUVD-2026-25639
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
[SECURITY] Fedora 44 Update: opam-2.5.1-1.fc44
Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...
[SECURITY] Fedora 43 Update: opam-2.5.1-1.fc43
Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...