Количество 2
Количество 2
CVE-2022-24433
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.
GHSA-3f95-r44v-8mrg
Command injection in simple-git
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-24433 The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. | CVSS3: 8.1 | 1% Низкий | почти 4 года назад |
| GHSA-3f95-r44v-8mrg Command injection in simple-git | CVSS3: 8.1 | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу