Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git project git vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-24376
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file...
Git-promise Project Git-promise
668
VMScore
CVE-2022-24437
The package git-pull-or-clone prior to 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to...
Git-pull-or-clone Project Git-pull-or-clone
668
VMScore
CVE-2022-25866
The package czproject/git-php prior to 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that addition...
Git-php Project Git-php
668
VMScore
CVE-2022-24066
The package simple-git prior to 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of gi...
Simple-git Project Simple-git
668
VMScore
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js va...
Git Project Git
668
VMScore
CVE-2022-24433
The package simple-git prior to 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possib...
Simple-git Project Simple-git
668
VMScore
CVE-2021-44685
Git-it up to and including 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
Git-it Project Git-it
668
VMScore
CVE-2021-32673
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote malicious users to execute of arbitrary commands. Upgrade to version 0.10.16 or later to reso...
Reg-keygen-git-hash Project Reg-keygen-git-hash
668
VMScore
CVE-2021-29417
gitjacker prior to 0.1.0 allows remote malicious users to execute arbitrary code via a crafted .git directory because of directory traversal.
Gitjacker Project Gitjacker
668
VMScore
CVE-2021-28955
git-bug prior to 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
Git-bug Project Git-bug
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »