Security Advisory

CVE-2022-24433

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-11 16:15:14

Last updated 2024-09-16 21:57:22

Assigner snyk

State PUBLISHED

Description

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution.

← Browse all CVEs View on cve.org ↗