CVE-2022-25860

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25860

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25860.json

Aliases

GHSA-9w5j-4mwv-2wj8

Published

2023-01-26T21:15:31Z

Modified

2023-11-29T09:30:40.712189Z

Details

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912.

References

Affected packages

Git / github.com/steveukx/git-js

Affected ranges

Type: GIT
Repo: https://github.com/steveukx/git-js
Events: Introduced

0The exact introduced commit is unknown

Fixed

ec97a39ab60b89e870c5170121cd9c1603cc1951

Affected versions

0.*

0.1.0

0.10.0

0.11.0

0.12.0

0.13.0

0.14.0

0.15.0

0.16.0

0.17.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.8.0

0.9.0

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.15.0

1.16.0

1.17.0

1.18.0

1.19.0

1.2.0

1.20.0

1.21.0

1.22.0

1.23.0

1.24.0

1.25.0

1.26.0

1.26.2

1.27.0

1.28.0

1.28.1

1.29.0

1.3.0

1.30.0

1.31.0

1.31.1

1.32.0

1.32.1

1.33.0

1.33.1

1.34.0

1.35.0

1.36.0

1.37.0

1.38.0

1.39.0

1.4.0

1.40.0

1.41.0

1.42.0

1.42.1

1.43.0

1.44.0

1.45.0

1.46.0

1.47.0

1.48.0

1.49.0

1.5.0

1.50.0

1.51.0

1.52.0

1.53.0

1.54.0

1.55.0

1.56.0

1.57.0

1.58.0

1.59.0

1.6.0

1.60.0

1.61.0

1.62.0

1.63.0

1.64.0

1.65.0

1.66.0

1.67.0

1.68.0

1.69.0

1.7.0

1.70.0

1.71.0

1.72.0

1.73.0

1.74.0

1.74.1

1.75.0

1.76.0

1.77.0

1.78.0

1.79.0

1.8.0

1.80.0

1.80.1

1.81.0

1.81.1

1.82.0

1.83.0

1.84.0

1.85.0

1.86.0

1.87.0

1.88.0

1.89.0

1.9.0

1.90.0

1.91.0

1.92.0

1.93.0

1.94.0

1.95.0

1.95.1

1.96.0

1.97.0

1.98.0

repo-v3.*

repo-v3.0.0

repo-v3.0.1

repo-v3.0.2

repo-v3.0.3

repo-v3.0.4

repo-v3.1.0

repo-v3.1.1

simple-git-v3.*

simple-git-v3.0.0

simple-git-v3.0.1

simple-git-v3.0.2

simple-git-v3.0.3

simple-git-v3.0.4

simple-git-v3.1.0

simple-git-v3.1.1

simple-git@3.*

simple-git@3.10.0

simple-git@3.11.0

simple-git@3.12.0

simple-git@3.13.0

simple-git@3.14.0

simple-git@3.14.1

simple-git@3.15.0

simple-git@3.15.1

simple-git@3.2.4

simple-git@3.2.6

simple-git@3.3.0

simple-git@3.4.0

simple-git@3.5.0

simple-git@3.6.0

simple-git@3.7.0

simple-git@3.7.1

simple-git@3.8.0

simple-git@3.9.0

Other

tagged

v1.*

v1.100.0

v1.101.0

v1.102.0

v1.103.0

v1.104.0

v1.105.0

v1.106.0

v1.107.0

v1.108.0

v1.109.0

v1.110.0

v1.111.0

v1.112.0

v1.113.0

v1.114.0

v1.115.0

v1.116.0

v1.117.0

v1.118.0

v1.119.0

v1.120.0

v1.121.0

v1.122.0

v1.123.0

v1.124.0

v1.125.0

v1.126.0

v1.127.0

v1.128.0

v1.129.0

v1.130.0

v1.131.0

v1.132.0

v1.99.0

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.13.1

v2.13.2

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.20.1

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.33.0

v2.34.0

v2.34.1

v2.34.2

v2.35.0

v2.35.1

v2.35.2

v2.36.0

v2.36.1

v2.36.2

v2.37.0

v2.38.0

v2.38.1

v2.39.0

v2.39.1

v2.4.0

v2.40.0

v2.41.0

v2.41.1

v2.41.2

v2.42.0

v2.43.0

v2.44.0

v2.45.0

v2.45.1

v2.46.0

v2.47.0

v2.47.1

v2.48.0

v2.5.0

v2.6.0

v2.7.0

v2.7.1

v2.7.2

v2.8.0

v2.9.0