GHSA-9p95-fxvg-qgq2: simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol

The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when the ext transport protocol is enabled, which makes it exploitable via the clone() method. This vulnerability exists due to an incomplete fix of CVE-2022-24066.


Severity: High • GitHub Reviewed • Published Dec 6, 2022 • Updated Dec 7, 2022

Package: simple-git (npm)

Affected versions: < 3.15.0
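
A defence-in-depth check for applications that pass user-supplied repository URLs to clone(), added here as an example and not taken from simple-git or the advisory: it allowlists transports so that ext and every other helper transport are refused before git is invoked. The names checkRepoUrl and ALLOWED_PROTOCOLS, and the choice of https and ssh as the only permitted transports, are assumptions.

```javascript
// Added example, not simple-git code. checkRepoUrl and ALLOWED_PROTOCOLS are
// hypothetical names; permitting only https and ssh is an assumption.
const ALLOWED_PROTOCOLS = new Set(['https:', 'ssh:']);

// Returns { ok: true, url } for an acceptable repository URL,
// or { ok: false, reason } when it must not be handed to clone().
function checkRepoUrl(input) {
  if (typeof input !== 'string' || input.length === 0) {
    return { ok: false, reason: 'empty or non-string value' };
  }
  // A value starting with '-' would be parsed by git as an option, not a URL.
  if (input.startsWith('-')) {
    return { ok: false, reason: 'looks like a command-line option' };
  }
  // Whitespace and control characters have no place in a repository URL.
  if (/[\s\x00-\x1f\x7f]/.test(input)) {
    return { ok: false, reason: 'whitespace or control character' };
  }
  let url;
  try {
    url = new URL(input); // throws on relative or scp-style input
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  // Allowlist rather than denylist: ext, file and every other
  // transport are refused without having to be enumerated.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `transport ${url.protocol} not allowed` };
  }
  if (!url.hostname) {
    return { ok: false, reason: 'missing host' };
  }
  return { ok: true, url: url.href };
}

// Constructed sample inputs, for illustration only.
const samples = [
  'https://example.com/org/repo.git',
  'ssh://git@example.com/org/repo.git',
  'ext::constructed-placeholder',
  'file:///srv/repos/project',
  'git@example.com:org/repo.git',
  '--constructed-option',
];
for (const s of samples) {
  const r = checkRepoUrl(s);
  console.log(r.ok ? 'ALLOW ' : 'REJECT', s, r.ok ? '' : `(${r.reason})`);
}
```

Pass only the returned url to clone(); the check complements upgrading to 3.15.0 or later and does not replace it.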

Related news

CVE-2022-25912: Chore: bump lerna, jest and create prettier workflow (#862) · steveukx/git-js@7746480

The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via the clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).