GHSA-9w5j-4mwv-2wj8

Suggest an improvement
Source
https://github.com/advisories/GHSA-9w5j-4mwv-2wj8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-9w5j-4mwv-2wj8/GHSA-9w5j-4mwv-2wj8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9w5j-4mwv-2wj8
Aliases
Published
2023-01-26T21:30:25Z
Modified
2023-11-08T04:08:49.692488Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Remote code execution in simple-git
Details

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912.

Database specific 
{
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "cwe_ids": [],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T01:01:27Z"
}
References

Affected packages

npm / simple-git

Package

Name
simple-git
View open source insights on deps.dev
Purl
pkg:npm/simple-git

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.16.0