CVE-2022-24066

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24066

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24066.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24066

Aliases

GHSA-28xr-mwxg-3qc8

Related

SNYK-JAVA-ORGWEBJARSNPM-2434820
SNYK-JS-SIMPLEGIT-2434306

Published

2022-04-01T20:15:08Z

Modified

2025-07-02T00:16:17.735336Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.

References

Affected packages

Git / github.com/steveukx/git-js

Affected ranges

Type: GIT
Repo: https://github.com/steveukx/git-js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2040de601c894363050fef9f28af367b169a56c5

Affected versions

0.*

0.1.0

0.10.0

0.11.0

0.12.0

0.13.0

0.14.0

0.15.0

0.16.0

0.17.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.8.0

0.9.0

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.15.0

1.16.0

1.17.0

1.18.0

1.19.0

1.2.0

1.20.0

1.21.0

1.22.0

1.23.0

1.24.0

1.25.0

1.26.0

1.26.2

1.27.0

1.28.0

1.28.1

1.29.0

1.3.0

1.30.0

1.31.0

1.31.1

1.32.0

1.32.1

1.33.0

1.33.1

1.34.0

1.35.0

1.36.0

1.37.0

1.38.0

1.39.0

1.4.0

1.40.0

1.41.0

1.42.0

1.42.1

1.43.0

1.44.0

1.45.0

1.46.0

1.47.0

1.48.0

1.49.0

1.5.0

1.50.0

1.51.0

1.52.0

1.53.0

1.54.0

1.55.0

1.56.0

1.57.0

1.58.0

1.59.0

1.6.0

1.60.0

1.61.0

1.62.0

1.63.0

1.64.0

1.65.0

1.66.0

1.67.0

1.68.0

1.69.0

1.7.0

1.70.0

1.71.0

1.72.0

1.73.0

1.74.0

1.74.1

1.75.0

1.76.0

1.77.0

1.78.0

1.79.0

1.8.0

1.80.0

1.80.1

1.81.0

1.81.1

1.82.0

1.83.0

1.84.0

1.85.0

1.86.0

1.87.0

1.88.0

1.89.0

1.9.0

1.90.0

1.91.0

1.92.0

1.93.0

1.94.0

1.95.0

1.95.1

1.96.0

1.97.0

1.98.0

repo-v3.*

repo-v3.0.0

repo-v3.0.1

repo-v3.0.2

repo-v3.0.3

repo-v3.0.4

repo-v3.1.0

repo-v3.1.1

simple-git-v3.*

simple-git-v3.0.0

simple-git-v3.0.1

simple-git-v3.0.2

simple-git-v3.0.3

simple-git-v3.0.4

simple-git-v3.1.0

simple-git-v3.1.1

simple-git@3.*

simple-git@3.2.4

simple-git@3.2.6

simple-git@3.3.0

simple-git@3.4.0

Other

tagged

v1.*

v1.100.0

v1.101.0

v1.102.0

v1.103.0

v1.104.0

v1.105.0

v1.106.0

v1.107.0

v1.108.0

v1.109.0

v1.110.0

v1.111.0

v1.112.0

v1.113.0

v1.114.0

v1.115.0

v1.116.0

v1.117.0

v1.118.0

v1.119.0

v1.120.0

v1.121.0

v1.122.0

v1.123.0

v1.124.0

v1.125.0

v1.126.0

v1.127.0

v1.128.0

v1.129.0

v1.130.0

v1.131.0

v1.132.0

v1.99.0

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.13.1

v2.13.2

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.20.1

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.33.0

v2.34.0

v2.34.1

v2.34.2

v2.35.0

v2.35.1

v2.35.2

v2.36.0

v2.36.1

v2.36.2

v2.37.0

v2.38.0

v2.38.1

v2.39.0

v2.39.1

v2.4.0

v2.40.0

v2.41.0

v2.41.1

v2.41.2

v2.42.0

v2.43.0

v2.44.0

v2.45.0

v2.45.1

v2.46.0

v2.47.0

v2.47.1

v2.48.0

v2.5.0

v2.6.0

v2.7.0

v2.7.1

v2.7.2

v2.8.0

v2.9.0