Security Advisory

CVE-2022-24440

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-01 17:35:13

Last updated 2024-09-17 03:22:48

Assigner snyk

State PUBLISHED

Description

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

← Browse all CVEs View on cve.org ↗