16 matches found
Remote Code Execution (RCE)
ungit is vulnerable to remote code execution. An attacker can inject and execute malicious git options through the user-controlled values in the git fetch command when calling the /api/fetch endpoint...
@phoenix-plugin-registry/hirse.ungit (=0.8.3), hirse.ungit (>=0.1.0 <=0.8.3) potentially affected by CVE-2022-25766 via ungit (>=0.9.3 <=1.5.2)
ungit NPM version =0.9.3, =0.1.0, =0.8.3 Source cves: CVE-2022-25766 Source advisory: OSV:GHSA-HF8C-XR89-VFM5...
GHSA-HF8C-XR89-VFM5 Command Injection in ungit
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
EUVD-2022-1441
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766 Remote Code Execution (RCE)
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
CVE-2022-25766
The CVE describes a remote code execution in ungit prior to 1.5.20 caused by argument injection in the /api/fetch endpoint. User-controlled values (remote and ref) are injected into the git fetch command, enabling arbitrary command execution on the server. Affected product: ungit (pre-1.5.20). Ro...
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...
ungit Parameter Injection Vulnerability
ungit is a simple way to use git, written by Fredrik Noren, an individual developer from Sweden. A parameter injection vulnerability exists in ungit before 1.5.20, which an attacker can exploit to conduct a Remote Code Execution (RCE) attack...
PT-2022-17499 · Ungit · Ungit
Name of the Vulnerable Software and Affected Versions: ungit versions prior to 1.5.20 Description: The issue occurs when calling the "/api/fetch" endpoint, where user-controlled values remote and ref are passed to the git fetch command. By injecting some git options, it is possible to get arbitra...
Remote Code Execution (RCE)
Overview: ungit is a version control library. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values remote and ref are passed to the git fetch command. By injecting some gi...
@phoenix-plugin-registry/hirse.ungit (=0.8.3), hirse.ungit (>=0.4.1 <=0.8.3) potentially affected by CVE-2022-25766 via ungit (>=1.1.22 <=1.5.2)
ungit NPM version =1.1.22, =0.4.1, =0.8.3 Source cves: CVE-2022-25766 Source advisory: SNYK:JS-UNGIT-2414099...
Command Injection in ungit
Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation: Update to version 0.9.0 or later...
GHSA-VJFR-P6HP-JQQW Command Injection in ungit
Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation: Update to version 0.9.0 or later...
Command Injection
Overview: Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation: Update to version 0.9.0 or later. References: Issue 486; GitHub Advisory...