Количество 2
Количество 2
CVE-2022-25766
The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution.
GHSA-hf8c-xr89-vfm5
Command Injection in ungit
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-25766 The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. | CVSS3: 8.8 | 4% Низкий | почти 4 года назад |
| GHSA-hf8c-xr89-vfm5 Command Injection in ungit | CVSS3: 8.8 | 4% Низкий | почти 4 года назад |
Уязвимостей на страницу