110 matches found
CVE-2022-24433
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
CVE-2022-24433
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
Command injection
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
CVE-2022-24433
CVE-2022-24433 affects the Node.js module simple-git (pre-3.5.0) and allows command injection via argument injection in the fetch path. The vulnerability arises because remote/branch values passed to the git fetch subcommand can be manipulated to execute arbitrary commands; the issue also concern...
CVE-2022-24433 Command Injection
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
CVE-2022-24433
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
Command Injection
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are...
2context (>=0.1.0 <=0.2.0), 2ndopinion-cli (>=0.1.0 <=0.12.0) +7392 more potentially affected by CVE-2022-24433 via simple-git (>=3.0.3 <=3.36.0)
simple-git NPM version =3.0.3, =0.1.0, =0.1.0, =0.16.0, =0.0.112-rc1, =1.0.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.25.0, =2.0.0, =1.0.3, =1.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2022-24433 Source advisory: SNYK:JS-SIMPLEGIT-2421199...
simple-git-hooks 参数注入漏洞
simple-git-hooks is an application. A simple git hooks manager for small projects A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetchremote, branch, handlerFn function is called, both the remote and branch parameters are passed to the git...
PT-2022-16694 · Unknown · Simple-Git
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.3.0 Description: The issue allows for Command Injection via argument injection. When calling the fetch function with parameters remote, branch, and handlerFn, both the remote and branch parameters are passed to...