admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/24xxx/CVE-2022-24433.json

102 lines
3.4 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2022-02-24 15:04:37 +00:00
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-03-11T16:12:03.865726Z",
"-Synchronized-Data."
2022-02-24 15:04:37 +00:00
"ID": "CVE-2022-24433",
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
"STATE": "PUBLIC",
"TITLE": "Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "simple-git",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2022-03-11 16:20:53 +00:00
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199",
"name": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199"
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
},
{
"-Synchronized-Data."
2022-03-11 16:20:53 +00:00
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2421245",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2421245"
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
},
{
"-Synchronized-Data."
2022-03-11 16:20:53 +00:00
"refsource": "MISC",
"url": "https://github.com/steveukx/git-js/pull/767",
"name": "https://github.com/steveukx/git-js/pull/767"
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
},
{
"-Synchronized-Data."
2022-03-11 16:20:53 +00:00
"refsource": "MISC",
"url": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.3.0",
"name": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.3.0"
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
}
]
"-Synchronized-Data."
2022-02-24 15:04:37 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2022-03-11 16:20:53 +00:00
"value": "The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution."
"-Synchronized-Data."
2022-02-24 15:04:37 +00:00
}
]
Adds CVE-2022-24433
2022-03-11 16:12:05 +00:00
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera of Snyk Research Team"
}
]
"-Synchronized-Data."
2022-02-24 15:04:37 +00:00
}
Reference in New Issue Copy Permalink