Lucene search
Veracode Vulnerability DatabaseVERACODE:34937HistoryApr 04, 2022 - 7:25 a.m.
Command Injection
2022-04-0407:25:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
0.006 Low
EPSS
Percentile
77.7%
simple-git is vulnerable to command injection. The vulnerability exists in cloneTask function in clone.ts due to the use of --upload-pack in git.clone which allows an attacker to inject and execute arbitrary codes. This is possible due to an incomplete fix of CVE-2022-24433.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-git | le | 3.4.0 | |
| simple-git | le | 3.4.0 |
Related
cvelist
cvelist
CVE-2022-24066 Command Injection
2022-04-01 00:00:00
CVE-2022-24433 Command Injection
2022-03-11 00:00:00
CVE-2022-25912 Remote Code Execution (RCE)
2022-12-06 00:00:00
osv
osv
CVE-2022-24066
2022-04-01 20:15:08
Command injection in simple-git
2022-04-02 00:00:13
Command injection in simple-git
2022-03-12 00:00:33
prion
prion
Command injection
2022-04-01 20:15:00
Command injection
2022-03-11 17:16:00
Design/Logic Flaw
2022-12-06 05:15:00
nvd
nvd
cve
cve
github
github
Command injection in simple-git
2022-04-02 00:00:13
Command injection in simple-git
2022-03-12 00:00:33
cnvd
cnvd
unspecified vulnerability in simple-git-hooks
2022-04-05 00:00:00
veracode
veracode
Command Injection
2022-03-14 14:21:51
Remote Code Execution (RCE)
2022-12-08 03:15:42
