Main Vulnerability Database Vulnerabilities #VU97701

#VU97701 Input validation error in Simple Git - CVE-2022-25860

Published: September 25, 2024

Vulnerability identifier: #VU97701

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-25860

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Simple Git

Software vendor:
Steve King

Description

The vulnerability allows a remote attacker to execute remote code on the system.

The vulnerability exists due to improper input sanitization. A remote attacker can pass specially crafted input to the application and execute remote code on the system using the clone(), pull(), push() and listRemote() methods.

Remediation

Install updates from vendor's website.

External links

https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391
https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13
https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951

#VU97701 Input validation error in Simple Git - CVE-2022-25860

Description

Remediation

External links

Please verify you're human