Description
A vulnerability was discovered in the simple-git Node.js library. The issue is caused by improper validation of user-supplied input when constructing Git commands. An attacker able to supply specially crafted repository URLs or arguments could exploit Git’s ext:: protocol handler to execute arbitrary commands on the underlying system. This flaw bypasses earlier mitigations intended to restrict unsafe Git protocols. By injecting configuration options that re-enable the ext:: protocol, an attacker could cause the application to execute arbitrary external commands through the Git client. If a vulnerable application passes untrusted input to simple-git operations such as repository cloning or fetching, a remote attacker could exploit this flaw to execute arbitrary commands on the host system with the privileges of the application process.
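A defensive pre-check for untrusted clone or fetch input, added here as an example (it is not code from simple-git or from Red Hat). It places a case-sensitive config-key check beside one that normalises case, matching the `protocol.allow` bypass named in the related advisory title on this page. The function names, the scheme allow-list and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: screen untrusted git arguments and URLs before calling simple-git.
// Function names, the scheme allow-list and the sample inputs are assumptions.

// protocol.allow and protocol.<name>.allow decide which transports git may use.
const DENIED_KEY = /^protocol\.(.*\.)?allow$/;
const ALLOWED_SCHEMES = new Set(['https:', 'ssh:']);

// Collect config keys passed as "-c k=v", "-ck=v", "--config k=v" or "--config-env=k=ENV".
function configKeysIn(args) {
  const keys = [];
  for (let i = 0; i < args.length; i++) {
    const a = String(args[i]);
    const m = /^(?:-c|--config|--config-env)(?:=(.*))?$/.exec(a);
    let kv = null;
    if (m) kv = m[1] !== undefined ? m[1] : String(args[++i] ?? '');
    else if (/^-c[^-]/.test(a)) kv = a.slice(2);
    if (kv !== null) keys.push(kv.split('=')[0].trim());
  }
  return keys;
}

// Weak form: compares the key exactly as typed, so a differently cased key slips through.
function naiveIsBlocked(args) {
  return configKeysIn(args).some((k) => DENIED_KEY.test(k));
}

// Corrected form: git matches section and variable names case-insensitively,
// so the key is lower-cased before comparison.
function isBlocked(args) {
  return configKeysIn(args).some((k) => DENIED_KEY.test(k.toLowerCase()));
}

// Allow-list remote URLs by scheme; anything unparsable (including scp-style) is rejected.
function isAllowedRemote(url) {
  try {
    return ALLOWED_SCHEMES.has(new URL(String(url)).protocol);
  } catch {
    return false;
  }
}

// Constructed sample inputs.
const samples = [['-c', 'protocol.allow=always'], ['-c', 'PROTOCOL.ALLOW=always'], ['--depth', '1']];
for (const s of samples) {
  console.log(JSON.stringify(s), 'naive:', naiveIsBlocked(s), 'normalised:', isBlocked(s));
}
console.log('ext::placeholder allowed?', isAllowedRemote('ext::placeholder'));
```

A check like this complements upgrading the library; it does not replace it.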
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Affected | ||
| Red Hat Enterprise Linux 8 | grafana | Affected | ||
| Red Hat Enterprise Linux 9 | grafana | Affected | ||
| Red Hat JBoss Enterprise Application Platform 8 | org.keycloak-keycloak-parent | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.keycloak-keycloak-parent | Not affected | ||
Additional information
Status:
EPSS:
CVSS3: 8.8 High
Related vulnerabilities
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.
simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE