Published: 26/01/2023 Updated: 02/02/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

Versions of the package simple-git prior to 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

simple-git project simple-git

Github Repositories

Grafana Plugin Validator A tool for validating community plugins for publishing to Grafanacom The tool expects path to either a remote or a local ZIP archive Install cd pkg/cmd/plugincheck2 go install Run Typically running the checker with default settings is the easiest method to see if there are issues with a plugin plugincheck2 -co