Lucene search
K

53 matches found

CNNVD
CNNVD
added 2022/07/01 12:0 a.m.32 views

git-clone 参数注入漏洞

git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...

10CVSS8.3AI score0.03227EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/07/01 12:0 a.m.6 views

PT-2022-17595

Name of the Vulnerable Software and Affected Versions: git-clone affected versions not specified Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...

10CVSS9.6AI score0.03227EPSS
Exploits1References9
Veracode
Veracode
added 2022/05/04 3:5 p.m.26 views

Command Injection

git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...

9.8CVSS4.9AI score0.03865EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/01 3:19 p.m.6 views

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

9.8CVSS7.4AI score0.03865EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/05/01 12:0 a.m.10 views

PT-2022-16696 · Git +1 · Git +1

Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2 Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...

9.8CVSS9.6AI score0.03865EPSS
Exploits1References8
Veracode
Veracode
added 2022/04/25 4:19 a.m.22 views

OS Command Injection

git-interface is vulnerable to OS command injection. When a user uses git clone feature, the use of command-line-argument --upload-pack with a valid directory on disk allows the destination directory to clone a repository too...

9.8CVSS1.9AI score0.03928EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/22 6:15 p.m.18 views

CVE-2022-1440

Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...

10CVSS7.7AI score0.03928EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.34 views

git-interface 操作系统命令注入漏洞

git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...

10CVSS8.3AI score0.03928EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/04/01 8:0 p.m.3 views

CVE-2022-24066

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...

9.8CVSS5.5AI score0.04067EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/04/01 12:0 a.m.4 views

PT-2022-16447 · Unknown · Simple-Git

Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.5.0 Description: The issue arises from an incomplete fix of a previous command injection vulnerability, which only addressed the git fetch attack vector. The --upload-pack feature of git, also supported for git...

9.8CVSS9.4AI score0.04067EPSS
Exploits1References14
Snyk
Snyk
added 2022/03/28 10:43 a.m.3 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview git-clone is a Clone a git repository Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...

10CVSS6.7AI score0.03227EPSS
Exploits1References2
Snyk
Snyk
added 2022/03/28 10:42 a.m.5 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview git-pull-or-clone is an Ensure a git repo exists on disk and that it's up-to-date Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to the use of the --upload-pack feature of git which is also supporte...

9.8CVSS7.1AI score0.03865EPSS
Exploits1References2
Snyk
Snyk
added 2022/03/28 10:40 a.m.3 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to an incomplete fix of CVE-2022-24433 which only patches...

9.8CVSS7AI score0.04067EPSS
Exploits1References2
Rows per page
Query Builder