Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1697 matches found

Veracode
Veracodeadded 2022/05/04 3:5 p.m.23 views

Command Injection

git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...

9.8CVSS4.9AI score0.10388EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2022/05/03 12:0 a.m.27 views

GHSA-3X62-X456-Q2VM OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

9.8CVSS9.8AI score0.10388EPSS
Exploits1References5
vulnersOsv
vulnersOsvadded 2022/05/03 12:0 a.m.1 views

@gotoeasy/count-line-cli (>=1.0.7 <=1.1.5), @pingy/cli (>=0.10.0 <=0.11.2) +5 more potentially affected by CVE-2022-24437 via git-pull-or-clone (>=1.1.0 <=1.3.0)

git-pull-or-clone NPM version =1.1.0, =1.0.7, =0.10.0, =8.0.0, =0.7.8, =0.5.0, =0.1.0, =1.0.1, =1.0.11 Source cves: CVE-2022-24437 Source advisory: OSV:GHSA-3X62-X456-Q2VM...

9.8CVSS7.2AI score0.10388EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2022/05/03 12:0 a.m.34 views

OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

9.8CVSS1.5AI score0.10388EPSS
Exploits1References5Affected Software1
0day.today
0day.todayadded 2022/05/03 12:0 a.m.215 views

Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities

Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...

7.5CVSS0.1AI score0.03089EPSS
Exploits3
Packet Storm
Packet Stormadded 2022/05/02 12:0 a.m.507 views

Strapi 3.6.8 Password Disclosure / Insecure Handling

Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...

7.6AI score0.03089EPSS
Exploits3
NVD
NVDadded 2022/05/01 4:15 p.m.18 views

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

9.8CVSS0.10388EPSS
Exploits1References3
Prion
Prionadded 2022/05/01 4:15 p.m.12 views

Command injection

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

7.5CVSS10AI score0.10388EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2022/05/01 3:20 p.m.687 views

CVE-2022-24437

The CVE-2022-24437 entry affects git-pull-or-clone prior to 2.0.2. The vulnerability arises from using the --upload-pack feature (also used by git clone) where the outpath argument passed to the secure spawn() call can be manipulated as a command-line argument, enabling arbitrary command injectio...

9.8CVSS10AI score0.10388EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2022/05/01 3:20 p.m.15 views

CVE-2022-24437 Command Injection

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

9.8CVSS10AI score0.10388EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2022/05/01 3:19 p.m.4 views

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

9.8CVSS7.4AI score0.10388EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2022/05/01 12:0 a.m.8 views

PT-2022-16696 · Git +1 · Git +1

Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2 Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...

9.8CVSS9.6AI score0.10388EPSS
Exploits1References8
CNNVD
CNNVDadded 2022/05/01 12:0 a.m.3 views

git-pull-or-clone 参数注入漏洞

git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...

9.8CVSS8.4AI score0.10388EPSS
Exploits1References4
OSV
OSVadded 2022/04/22 8:54 p.m.41 views

GHSA-XCJX-M2PJ-8G79 Manipulated inline images can cause Infinite Loop in PyPDF2

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 user wrote the following code: python from PyPDF2 import PdfFileReader, PdfFileWriter from PyPDF2.pdf import ContentStream reader = PdfFileReader"malicious.pdf", strict=False for page in...

6.9CVSS5.6AI score0.00127EPSS
Exploits1References9
Gitee
Giteeadded 2022/04/19 10:48 a.m.1 views

nuclei-templates

This repository is a collection of community-curated templates for the nuclei engine to find security vulnerabilities in applications. The templates are stored in the cves/ directory and are used by the nuclei scanner to identify potential vulnerabilities. The repository also contains workflows f...

7AI score
Exploits0
RedhatCVE
RedhatCVEadded 2022/04/13 9:54 a.m.63 views

CVE-2022-29047

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

7.3CVSS1.6AI score0.0008EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2022/04/13 12:0 a.m.26 views

Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin

Multibranch Pipelines by default limit who can change the Pipeline definition from the Jenkinsfile. This is useful for SCMs like GitHub: Jenkins can build content from users without commit access, but who can submit pull requests, without granting them the ability to modify the Pipeline definitio...

5.3CVSS5.7AI score0.0008EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2022/04/12 8:15 p.m.1 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5.3CVSS6.1AI score
Exploits0References1
Prion
Prionadded 2022/04/12 8:15 p.m.26 views

Design/Logic Flaw

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5CVSS5.3AI score0.0008EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2022/04/12 7:50 p.m.15 views

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

6.5AI score0.0008EPSS
Exploits0References1
Rows per page
Query Builder