The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-04-19T16:35:11.215526Z

Updated: 2024-09-16T17:59:47.353Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25648

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-19T17:15:11.333

Modified: 2024-11-21T06:52:30.400

Link: CVE-2022-25648

cve-icon Redhat

Severity : Critical

Publid Date: 2022-04-13T00:00:00Z

Links: CVE-2022-25648 - Bugzilla