4 matches found
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
Simple Git 代码注入漏洞
Simple Git is a lightweight interface developed by Steve King from the UK. It is used to execute Git commands in any Node.js application. Versions of Simple Git prior to 3.36.0 had a code injection vulnerability, which was due to incomplete fixes for CVE-2022-25912. This vulnerability could allow...
Remote Code Execution (RCE)
Overview org.webjars.npm:simple-git is an A light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --conf...