Lucene search
Veracode Vulnerability DatabaseVERACODE:38364HistoryDec 08, 2022 - 3:15 a.m.
Remote Code Execution (RCE)
2022-12-0803:15:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
remote code execution
simple-git
clone function
vulnerability
git.js
ext transport protocol
arbitrary codes
system
incomplete fix
cve-2022-24066
software
0.014 Low
EPSS
Percentile
86.4%
simple-git is vulnerable to remote code execution.The vulnerability exists in the clone() function of git.js because of enabling the ext transport protocol which allows an attacker to inject and execute arbitrary codes into the system. This is an incomplete fix of CVE-2022-24066.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-git | le | 3.14.1 | |
| simple-git | le | 3.14.0 | |
| simple-git | le | 3.14.1 | |
| simple-git | le | 3.14.0 |
References
github.com/advisories/GHSA-9p95-fxvg-qgq2
github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md%23overriding-allowed-protocols
github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504
github.com/steveukx/git-js/pull/862
github.com/steveukx/git-js/releases/tag/simple-git%403.15.0
Related
cve
cve
nvd
nvd
osv
osv
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
2022-12-06 06:30:17
CVE-2022-25912
2022-12-06 05:15:11
CVE-2022-24066
2022-04-01 20:15:08
prion
prion
Design/Logic Flaw
2022-12-06 05:15:00
Command injection
2022-04-01 20:15:00
Input validation
2023-01-26 21:15:00
cvelist
cvelist
CVE-2022-25912 Remote Code Execution (RCE)
2022-12-06 00:00:00
CVE-2022-24066 Command Injection
2022-04-01 00:00:00
CVE-2022-25860
2023-01-24 05:00:02
github
github
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
2022-12-06 06:30:17
Remote code execution in simple-git
2023-01-26 21:30:25
Command injection in simple-git
2022-04-02 00:00:13
cnvd
cnvd
unspecified vulnerability in simple-git-hooks
2022-04-05 00:00:00
veracode
veracode
Command Injection
2022-04-04 07:25:24
