Lucene search

109 matches found

OSV
added 2026/03/10 6:34 p.m., 3 views

CVE-2026-28292 simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

CVSS 9.8, AI score 6.5, EPSS 0.00146
Exploits 1, References 4

Cvelist
added 2026/03/10 6:34 p.m., 26 views

CVE-2026-28292 simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

CVSS 9.8, EPSS 0.00146
Exploits 1, References 3

ATTACKERKB
added 2026/03/10 6:34 p.m., 4 views

CVE-2026-28292

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

CVSS 9.8, AI score 7.8, EPSS 0.41738
Exploits 3, References 3, Affected Software 1

Vulnrichment
added 2026/03/10 6:34 p.m., 2 views

CVE-2026-28292 simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

CVSS 9.8, AI score 7.9, EPSS 0.00146
Exploits 1, References 3

CVE
added 2026/03/10 6:34 p.m., 16 views

CVE-2026-28292

The CVE-2026-28292 entry concerns the Node.js package simple-git. Affected versions are 3.15.0 through 3.32.2 and the issue bypasses prior fixes from CVE-2022-25860 and CVE-2022-25912, enabling full remote code execution on the host. A fix is noted in version 3.23.0. No exploitation details or in...

CVSS 9.8, AI score 6.4, EPSS 0.00146
Exploits 1, References 4, Affected Software 1

EUVD
added 2026/03/10 6:34 p.m., 1 views

EUVD-2026-10791

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

CVSS 9.8, AI score 7.8, EPSS 0.41738
Exploits 3, References 2

CNNVD
added 2026/03/10 12:0 a.m., 4 views

Simple Git security vulnerability

Simple Git is a lightweight interface developed by Steve King from the UK. It is used to execute Git commands within any Node.js application. Versions 3.15.0 to 3.32.2 of Simple Git contain security vulnerabilities. These vulnerabilities allow attackers to bypass previous CVE fixes, potentially...

CVSS 9.8, AI score 7.8, EPSS 0.00146
Exploits 1, References 2

Positive Technologies
added 2026/03/10 12:0 a.m., 2 views

PT-2026-24396

Name of the Vulnerable Software and Affected Versions: simple-git versions 3.15.0 through 3.32.2. Description: The simple-git software, a Node.js interface for running git commands, contains an issue in which attackers can bypass previous fixes. This bypass is due to case-insensitive configuration...

CVSS 9.8, AI score 6, EPSS 0.00175
Exploits 21, References 122

vulnersOsv
added 2026/03/07 8:3 p.m., 1 views

org.webjars.npm:g-status (=2.0.2), org.webjars.npm:graphql-toolkit__git-loader (=0.7.5) potentially affected by CVE-2022-25912 +1 more via org.webjars.npm:simple-git (>=1.129.0 <=1.132.0)

org.webjars.npm:simple-git MAVEN version =1.129.0, =1.132.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:simple-git and may be impacted: org.webjars.npm:g-status =2.0.2, org.webjars.npm:graphql-toolkit__git-loader =0.7.5. Source cves...

CVSS 9.8, AI score 7.2, EPSS 0.33677
Exploits 2

vulnersOsv
added 2026/03/07 8:3 p.m., 1 views

3extensions (=1.0.1), @51jbs/incremental-coverage-plugin (=1.0.5) +594 more potentially affected by CVE-2022-25912 +1 more via simple-git (>=3.0.3 <=3.35.2)

simple-git NPM version =3.0.3, =1.0.1, =1.0.1, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =23.0.0, =35.0.0, =1.4.0, =0.1.5-alpha.0, =1.0.2, =0.0.0-aj-beta.221, =8.7.2, =8.11.4 and more Source cves: CVE-2022-25912, CVE-2026-6951 Source advisory: SNYK:JS-SIMPLEGIT-15456078...

CVSS 9.8, AI score 5.8, EPSS 0.33677
Exploits 2

Snyk
added 2026/03/07 8:3 p.m., 0 views

Remote Code Execution (RCE)

Overview: org.webjars.npm:simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --conf...

CVSS 9.8, AI score 9.4, EPSS 0.33677
Exploits 2, References 2

Snyk
added 2026/03/07 8:3 p.m., 1 views

Remote Code Execution (RCE)

Overview: simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrust...

CVSS 9.8, AI score 6.7, EPSS 0.33677
Exploits 2, References 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-1286

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.7, EPSS 0.00927
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2022-1593

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.6, EPSS 0.0302
Exploits 1, References 7

RedhatCVE
added 2025/02/06 2:10 a.m., 6 views

CVE-2022-25860

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

CVSS 9.8, AI score 7.4, EPSS 0.41738
Exploits 2, References 1

IBM Security Bulletins
added 2024/08/05 8:42 p.m., 25 views

Security Bulletin: IBM Storage Ceph is vulnerable to OS Command Injection in Grafana (CVE-2022-25912, CVE-2022-25860, CVE-2022-25908)

Summary: Simple Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2022-25912, CVE-2022-25860, CVE-2022-25908. Vulnerability Details: CVEID: CVE-2022-25912. DESCRIPTION: Node.js simple-git module cou...

CVSS 9.8, AI score 8.8, EPSS 0.41738
Exploits 3, Affected Software 1

Veracode
added 2023/02/08 9:25 a.m., 14 views

Remote Code Execution (RCE)

simple-git is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to improper sanitization of the clone, pull, push and listRemote methods which allows an attacker to execute arbitrary code...

CVSS 9.8, AI score 9.7, EPSS 0.41738
Exploits 1, References 5, Affected Software 1

vulnersOsv
added 2023/01/26 9:30 p.m., 2 views

1508-cli (>=1.0.4 <=1.0.6), 40banner (>=1.0.0 <=1.1.2) +4531 more potentially affected by CVE-2022-25860 via simple-git (>=0.10.0 <=3.15.1)

simple-git NPM version =0.10.0, =1.0.4, =1.0.0, =0.0.80, =1.0.0, =2.0.0, =0.0.0, =0.0.1, =0.0.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.1.16 and more Source cves: CVE-2022-25860 Source advisory: OSV:GHSA-9W5J-4MWV-2WJ8...

CVSS 9.8, AI score 7.2, EPSS 0.41738
Exploits 1

OSV
added 2023/01/26 9:30 p.m., 45 views

GHSA-9W5J-4MWV-2WJ8 Remote code execution in simple-git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

CVSS 9.8, AI score 9.1, EPSS 0.41738
Exploits 1, References 4

Github Security Blog
added 2023/01/26 9:30 p.m., 52 views

Remote code execution in simple-git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

CVSS 9.8, AI score 6.2, EPSS 0.41738
Exploits 1, References 5, Affected Software 1