The package git prior to 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
git git |
||
fedoraproject fedora 34 |
||
fedoraproject extra packages for enterprise linux 8.0 |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
debian debian linux 10.0 |