The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-12-12T01:49:10.008967Z

Updated: 2024-09-16T21:02:21.864Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25912

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-06T05:15:11.570

Modified: 2024-11-21T06:53:12.270

Link: CVE-2022-25912

cve-icon Redhat

No data.