cve/2022/CVE-2022-25912.md

### [CVE-2022-25912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25912)
![](https://img.shields.io/static/v1?label=Product&message=simple-git&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.15.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)

### Description

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).

### POC

#### Reference
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
- https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-25912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25912)`
			`![](https://img.shields.io/static/v1?label=Product&message=simple-git&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%203.15.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)`

			`### Description`

			`The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).`

			`### POC`

			`#### Reference`
			`- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532`
			`- https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221`

			`#### Github`
			`No PoCs found on GitHub currently.`