CVE-2022-25860
- EPSS 41.35%
- Veröffentlicht 26.01.2023 21:15:31
- Zuletzt bearbeitet 01.04.2025 16:15:15
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-20...
CVE-2022-25912
- EPSS 43.3%
- Veröffentlicht 06.12.2022 05:15:11
- Zuletzt bearbeitet 22.04.2025 21:15:42
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https:/...
CVE-2022-24066
- EPSS 3.04%
- Veröffentlicht 01.04.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:49:45
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the...
CVE-2022-24433
- EPSS 0.93%
- Veröffentlicht 11.03.2022 17:16:06
- Zuletzt bearbeitet 21.11.2024 06:50:24
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting so...