Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

vulnersOsv
vulnersOsvadded 2020/09/04 5:31 p.m.2 views

meta (>=1.0.0 <=1.0.3), ownmeta (=0.0.4) potentially affected by unknown CVE via meta-git (>=0.0.0 <=1.1.3)

meta-git NPM version =0.0.0, =1.0.0, =1.0.3 - ownmeta =0.0.4 Source cves: unknown CVE Source advisory: OSV:GHSA-QCFF-FFX3-M25C...

5.8AI score
Exploits0
Github Security Blog
Github Security Blogadded 2020/09/04 5:31 p.m.26 views

Command Injection in meta-git

All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation No fix is currently...

6.3AI score
Exploits0References3Affected Software1
OSV
OSVadded 2020/09/04 5:31 p.m.8 views

GHSA-QCFF-FFX3-M25C Command Injection in meta-git

All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation No fix is currently...

8.1AI score
Exploits0References2
Node.js
Node.jsadded 2020/01/17 9:33 p.m.13 views

Command Injection

Overview All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation No fix is...

7.9AI score
Exploits0Affected Software1
Veracode
Veracodeadded 2020/01/13 3:21 a.m.12 views

Remote Code Execution

meta-git is vulnerable to remote code execution. User input is formatted without validation and sanitization inside a command that is subsequently executed using exec in metaGitUpdate.js...

2.6AI score
Exploits0
Hacker One
Hacker Oneadded 2019/11/02 10:14 p.m.26 views

Node.js third-party modules: [meta-git] RCE via insecure command formatting

I would like to report a RCE issue in the meta-git module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: meta-git version: 1.1.2 npm page: https://www.npmjs.com/package/meta-git Module Description git plugin for meta Module Stats 60 downloads in the...

1.2AI score
Exploits0
Huntr
Huntradded 2019/11/02 12:0 a.m.86 views

Code Injection in mateodelnorte/meta-git

Description The meta-git module is vulnerable against command injection since the user-supplied inputs are concatenated with a command which is executed without validation. POC 1. Create a new directory and insert some test files: bash mkdir tests cd tests touch test touch secret touch files 2...

1.1AI score
Exploits0
Rows per page
Query Builder