admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-31 10:40:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-25912.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

21 lines
1015 B
Markdown
Raw Blame History

### [CVE-2022-25912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25912)
![](https://img.shields.io/static/v1?label=Product&message=simple-git&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.15.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)
### Description
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
### POC
#### Reference
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
- https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221
- https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink