czproject/git-php is vulnerable to command injection. A remote attacker is able to use additional flags to perform command injections via the isRemoteUrlReadable
function since the url
and refs
parameter passing process to the git ls-remote
subcommand, allows additional flags to be set.
CPE | Name | Operator | Version |
---|---|---|---|
czproject/git-php | le | v4.0.2 | |
czproject/git-php | le | v4.0.2 |