110 matches found
PT-2022-17600
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.15.0. Description: The issue allows for Remote Code Execution (RCE) when the ext transport protocol is enabled, making it exploitable via the clone method. This is due to an incomplete fix of a previous issue...
@abstraktor/actordemo (>=0.0.0-ad-beta.1 <=0.0.0-ad-beta.2), @abstraktor/actorjs (>=0.0.0-aj-beta.3 <=0.0.0-aj-beta.6) +59 more potentially affected by CVE-2022-24066 +1 more via simple-git (>=3.0.3 <=3.14.1)
simple-git NPM version =3.0.3, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =2.0.0, =1.0.1-beta.0, =1.0.3, =1.0.1, =0.1.1, =3.0.5, =1.1.3, =1.4.0-beta.3 - @logol/dc-cli =1.2.0 and more Source cves: CVE-2022-24066, CVE-2022-25912 Source advisory: SNYK:JS-SIMPLEGIT-3112221...
Remote Code Execution (RCE)
Overview: simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via the clone method. This vulnerability exists due t...
unspecified vulnerability in simple-git-hooks
simple-git-hooks is an application. A simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers exploit for command injection...
Command Injection
simple-git is vulnerable to command injection. The vulnerability exists in the cloneTask function in clone.ts due to the use of --upload-pack in git.clone, which allows an attacker to inject and execute arbitrary code. This is possible due to an incomplete fix of CVE-2022-24433...
1508-cli (>=1.0.4 <=1.0.6), 2context (>=0.1.0 <=0.2.0) +12204 more potentially affected by CVE-2022-24066 via simple-git (>=0.10.0 <=3.4.0)
simple-git NPM version =0.10.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =0.16.0, =0.0.80, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =1.33.0 and more Source cves: CVE-2022-24066 Source advisory: OSV:GHSA-28XR-MWXG-3QC8...
Command injection in simple-git
simple-git, maintained as the git-js repository on GitHub, is a light weight interface for running git commands in any node.js application. The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...
GHSA-28XR-MWXG-3QC8 Command injection in simple-git
simple-git, maintained as the git-js repository on GitHub, is a light weight interface for running git commands in any node.js application. The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch...
CVE-2022-24066
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
CVE-2022-24066
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
Command injection
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
CVE-2022-24066
The CVE-2022-24066 issue affects the simple-git package prior to version 3.5.0, where command injection is possible due to an incomplete fix of CVE-2022-24433 and exposure via --upload-pack during fetch and an analogous path for git clone. Affected software: simple-git (Node.js). Root cause: inco...
CVE-2022-24066 Command Injection
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
CVE-2022-24066
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
simple-git-hooks argument injection vulnerability
simple-git-hooks is an application. A simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers exploit for command injection...
2context (>=0.1.0 <=0.2.0), 2ndopinion-cli (>=0.1.0 <=0.12.0) +8105 more potentially affected by CVE-2022-24066 +1 more via simple-git (>=3.0.3 <=3.4.0)
simple-git NPM version =3.0.3, =0.1.0, =0.1.0, =0.16.0, =0.0.112-rc1, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =2.0.0, =1.0.3, =1.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2022-24066, CVE-2022-24433 Source advisory: SNYK:JS-SIMPLEGIT-2434306...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview: simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to an incomplete fix of CVE-2022-24433 which only patches...
1508-cli (>=1.0.4 <=1.0.6), 2context (>=0.1.0 <=0.2.0) +12203 more potentially affected by CVE-2022-24433 via simple-git (>=0.10.0 <=3.36.0)
simple-git NPM version =0.10.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =0.16.0, =0.0.80, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =1.33.0 and more Source cves: CVE-2022-24433 Source advisory: OSV:GHSA-3F95-R44V-8MRG...
GHSA-3F95-R44V-8MRG Command injection in simple-git
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...
Command injection in simple-git
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...