Lucene search

[email protected]NVD:CVE-2022-25912

HistoryDec 06, 2022 - 5:15 a.m.

CVE-2022-25912

2022-12-0605:15:11

CWE-78

[email protected]

web.nvd.nist.gov

simple-git

vulnerability

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.012 Low

EPSS

Percentile

85.5%

JSON

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of CVE-2022-24066.

Affected configurations

NVD

Node

simple-git_projectsimple-gitRange<3.15.0node.js

References

github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md%23overriding-allowed-protocols

github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504

github.com/steveukx/git-js/releases/tag/simple-git%403.15.0

security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532

security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for NVD:CVE-2022-25912

veracode2 cve3 osv6 github3 prion3 cvelist3 cnvd1 nvd2 ibm1