53 matches found
git-clone 参数注入漏洞
git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...
PT-2022-17595
Name of the Vulnerable Software and Affected Versions: git-clone affected versions not specified Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...
Command Injection
git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...
CVE-2022-24437
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...
PT-2022-16696 · Git +1 · Git +1
Name of the Vulnerable Software and Affected Versions: git-pull-or-clone versions prior to 2.0.2 Description: The issue arises from the use of the --upload-pack feature of git, which is also supported for git clone. Although the source utilizes the secure child process API spawn, the outpath...
OS Command Injection
git-interface is vulnerable to OS command injection. When a user uses git clone feature, the use of command-line-argument --upload-pack with a valid directory on disk allows the destination directory to clone a repository too...
CVE-2022-1440
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
git-interface 操作系统命令注入漏洞
git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...
CVE-2022-24066
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...
PT-2022-16447 · Unknown · Simple-Git
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.5.0 Description: The issue arises from an incomplete fix of a previous command injection vulnerability, which only addressed the git fetch attack vector. The --upload-pack feature of git, also supported for git...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview git-clone is a Clone a git repository Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview git-pull-or-clone is an Ensure a git repo exists on disk and that it's up-to-date Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to the use of the --upload-pack feature of git which is also supporte...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' due to an incomplete fix of CVE-2022-24433 which only patches...