110 matches found
Remote code execution in simple-git
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
simple-git 安全漏洞
simple-git is a lightweight interface for running git commands in any node.js application. A security vulnerability exists in simple-git prior to version 3.16.0, which stems from the clone, pull, push, and listRemote methods not being properly cleaned up and escaped...
CVE-2022-25860
The CVE-2022-25860 entry concerns the simple-git package. Versions before 3.16.0 are vulnerable to Remote Code Execution via clone(), pull(), push(), and listRemote() due to improper input sanitization, tied to an incomplete fix of CVE-2022-25912. CERT/OSV/NVD/IBM/Red Hat references confirm the i...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
PT-2023-12824
Name of the Vulnerable Software and Affected Versions simple-git versions prior to 3.16.0 Description The issue is related to Remote Code Execution RCE due to improper input sanitization in the clone, pull, push, and listRemote methods. This vulnerability exists because of an incomplete fix of a...
@51jbs/incremental-coverage-plugin (=1.0.5), @51jbs/spec-plugin (=2.0.0) +98 more potentially affected by CVE-2022-25860 +1 more via simple-git (>=3.0.3 <=3.15.1)
simple-git NPM version =3.0.3, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =5.26.6, =14.24.1, =2.0.0, =0.0.64, =1.0.1-beta.0, =2.2.0, =2.3.2 and more Source cves: CVE-2022-25860, CVE-2022-25912 Source advisory: SNYK:JS-SIMPLEGIT-3177391...
Remote Code Execution (RCE)
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to...
CVE-2022-25912 Remote Code Execution (RCE)
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
CVE-2022-25912 Remote Code Execution (RCE)
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
CVE-2022-25912
CVE-2022-25912 affects the Node.js simple-git module prior to 3.16.0, with remote code execution via the ext transport protocol during clone() (incomplete fix of CVE-2022-24066). Several connected sources corroborate RCE via clone()/pull()/push()/listRemote() paths when input is crafted, with exp...
Remote Code Execution (RCE)
simple-git is vulnerable to remote code execution.The vulnerability exists in the clone function of git.js because of enabling the ext transport protocol which allows an attacker to inject and execute arbitrary codes into the system. This is an incomplete fix of CVE-2022-24066...
GHSA-9P95-FXVG-QGQ2 simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
The package simple-git before 3.15.0 is vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
The package simple-git before 3.15.0 is vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
1508-cli (>=1.0.4 <=1.0.6), 40banner (>=1.0.0 <=1.1.2) +4507 more potentially affected by CVE-2022-25912 via simple-git (>=0.10.0 <=3.14.1)
simple-git NPM version =0.10.0, =1.0.4, =1.0.0, =0.0.80, =1.0.0, =2.0.0, =0.0.0, =0.0.1, =0.0.1, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.0.5, =0.1.16 and more Source cves: CVE-2022-25912 Source advisory: OSV:GHSA-9P95-FXVG-QGQ2...
CVE-2022-25912
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
CVE-2022-25912
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...
Design/Logic Flaw
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution RCE when enabling the ext transport protocol, which makes it exploitable via clone method. This vulnerability exists due to an incomplete fix of CVE-2022-24066...