Lucene search

GitHub Advisory DatabaseGHSA-8PX5-63X9-5C7P

HistorySep 03, 2020 - 4:47 p.m.

pullit vulnerable to command injection

2020-09-0316:47:30

CWE-77

GitHub Advisory Database

github.com

command injection

pullit

vulnerable

upgrade

arbitrary commands

lirantal

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.8%

JSON

Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.

Recommendation

Upgrade to version 1.4.0 or later.

Credits

This vulnerability was discovered by @lirantal

Affected configurations

Vulners

Node

pullitRange<1.4.0

VendorProductVersionCPE
*pullit*cpe:2.3:a:*:pullit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	pullit	*	cpe:2.3:a::pullit::::::::*

References

github.com/advisories/GHSA-8px5-63x9-5c7p

github.com/jkup/pullit/commit/4fec455774ee08f4dce0ef2ef934ffcc37219bfb

github.com/jkup/pullit/issues/23

hackerone.com/reports/315773

nvd.nist.gov/vuln/detail/CVE-2018-25083

security.snyk.io/vuln/npm:pullit:20180214

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.8%

JSON

Related for GHSA-8PX5-63X9-5C7P