7 matches found
EUVD-2021-0763
Malware in sbrugna...
OS Command Injection
giting is vulnerable to OS command injection. The vulnerability exists due to the lack of validation of the first argument, 'repo', of the function pull...
OS Command Injection in giting
giting versions prior to 0.0.8 allow execution of arbitrary commands. The first argument, repo, of the function pull is executed by the package without any validation...
GHSA-53XJ-V576-3CH2 OS Command Injection in giting
giting versions prior to 0.0.8 allow execution of arbitrary commands. The first argument, repo, of the function pull is executed by the package without any validation...
Giting Command Execution Vulnerability
Giting is a Git version control system server. A security vulnerability exists in Giting versions prior to 0.0.8, caused by the program executing the 'repo' parameter of the 'pull' function without performing any validation. The vulnerability can be exploited to execute arbitrary...
CVE-2019-10802
CVE-2019-10802 affects giting prior to version 0.0.8. The vulnerability arises because the first argument of the pull() function, named repo, is executed by the package without input validation, allowing arbitrary command execution (command injection). Several sources (Red Hat, Snyk, CNVD, GHSA, ...
Command Injection
Overview: giting is a Git server. Affected versions of this package are vulnerable to Command Injection. The first argument "repo" of function pull is executed by the package without any validation. PoC by JHU System Security Lab: var Test = require("giting"); var injectioncommand = ";echo vulnerable...