16 matches found
Remote Code Execution (RCE)
ungit is vulnerable to remote code execution. An attacker can inject and execute malicious git options through the user-controlled values in the git fetch command when calling the /api/fetch endpoint...
GHSA-HF8C-XR89-VFM5 Command Injection in ungit
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
@phoenix-plugin-registry/hirse.ungit (=0.8.3), hirse.ungit (>=0.1.0 <=0.8.3) potentially affected by CVE-2022-25766 via ungit (>=0.9.3 <=1.5.2)
ungit NPM version =0.9.3, =0.1.0, =0.8.3 Source cves: CVE-2022-25766 Source advisory: OSV:GHSA-HF8C-XR89-VFM5...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
EUVD-2022-1441
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The CVE describes a remote code execution in ungit prior to 1.5.20 caused by argument injection in the /api/fetch endpoint. User-controlled values (remote and ref) are injected into the git fetch command, enabling arbitrary command execution on the server. Affected product: ungit (pre-1.5.20). Ro...
CVE-2022-25766 Remote Code Execution (RCE)
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
PT-2022-17499 · Ungit · Ungit
Name of the Vulnerable Software and Affected Versions: ungit versions prior to 1.5.20 Description: The issue occurs when calling the "/api/fetch" endpoint, where user-controlled values remote and ref are passed to the git fetch command. By injecting some git options, it is possible to get arbitra...
ungit parameter injection vulnerability
ungit is a simple way to use git by Fredrik Noren, an individual developer from Sweden. A parameter injection vulnerability exists in ungit before 1.5.20, which can be exploited by an attacker to conduct a Remote Code Execution (RCE) attack...
@phoenix-plugin-registry/hirse.ungit (=0.8.3), hirse.ungit (>=0.4.1 <=0.8.3) potentially affected by CVE-2022-25766 via ungit (>=1.1.22 <=1.5.2)
ungit NPM version =1.1.22, =0.4.1, =0.8.3 Source cves: CVE-2022-25766 Source advisory: SNYK:JS-UNGIT-2414099...
Remote Code Execution (RCE)
Overview: ungit is a version control library. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some gi...
Command Injection in ungit
Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation: Update to version 0.9.0 or later...
GHSA-VJFR-P6HP-JQQW Command Injection in ungit
Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation: Update to version 0.9.0 or later...
Command Injection
Overview: Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation: Update to version 0.9.0 or later. References: Issue 486, GitHub Advisory...