admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-258xx/CVE-2022-25860.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

152 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-25860",
"sourceIdentifier": "report@snyk.io",
"published": "2023-01-26T21:15:31.073",
"lastModified": "2024-11-21T06:53:07.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization.\rThis vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\r\r"
},
{
"lang": "es",
"value": "Las versiones del paquete simple-git anteriores a la 3.16.0 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de los m\u00e9todos clone(), pull(), push() y listRemote(), debido a una sanitizaci\u00f3n de entrada inadecuada. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple-git_project:simple-git:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "3.16.0",
"matchCriteriaId": "76F895F7-B474-402B-A54D-0AD13BFADD65"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951",
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13",
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink