Published: 26/01/2023 Updated: 02/02/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Versions of the package simple-git prior to 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).

Vulnerable Product	Search on Vulmon	Subscribe to Product
simple-git project simple-git

Grafana Plugin Validator A tool for validating community plugins for publishing to Grafanacom The tool expects path to either a remote or a local ZIP archive Install cd pkg/cmd/plugincheck2 go install Run Typically running the checker with default settings is the easiest method to see if there are issues with a plugin plugincheck2 -co

NVD-CWE-noinfo https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391 https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13 https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951 https://nvd.nist.gov https://github.com/grafana/plugin-validator

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-25860

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect