The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When the fetch(remote = 'origin', opts = {}) function is called, the remote parameter is passed to the git fetch subcommand in a way that allows additional flags to be set. These additional flags can be used to perform a command injection.
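The argument-handling flaw described above, sketched as an added example in Ruby (the language of the quoted fetch signature); it is not the package's code or its actual fix. The method names and the sample flag value are constructed for illustration.

```ruby
# Added example: argv construction for `git fetch`. Hypothetical helper names.

# Unsafe pattern: the caller-supplied remote is appended as an ordinary
# argument, so a value beginning with "-" is parsed by git as an option.
def fetch_argv_unsafe(remote = 'origin')
  ['git', 'fetch', remote]
end

# Hardened pattern: reject option-like values, then emit "--" so git treats
# everything after it as a positional argument (repository or refspec).
def fetch_argv_safe(remote = 'origin')
  remote = String(remote)
  raise ArgumentError, 'remote must not be empty' if remote.empty?
  raise ArgumentError, "remote looks like an option: #{remote.inspect}" if remote.start_with?('-')
  raise ArgumentError, 'remote contains control characters' if remote.match?(/[[:cntrl:]]/)
  ['git', 'fetch', '--', remote]
end

# Returns the argv indexes that git would read as options: every element
# starting with "-" that appears before the first "--" separator.
def option_positions(argv)
  opts = []
  argv.drop(2).each_with_index do |arg, i|
    break if arg == '--'
    opts << i + 2 if arg.start_with?('-')
  end
  opts
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: one ordinary remote name, one option-shaped value.
  ['origin', '--constructed-flag=value'].each do |remote|
    unsafe = fetch_argv_unsafe(remote)
    puts "unsafe #{unsafe.inspect} options at #{option_positions(unsafe).inspect}"
    begin
      safe = fetch_argv_safe(remote)
      puts "safe   #{safe.inspect} options at #{option_positions(safe).inspect}"
    rescue ArgumentError => e
      puts "safe   rejected: #{e.message}"
    end
  end
end
```

Both helpers return an argv array intended for an exec-style call without a shell; the difference is only whether the remote can land in option position.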
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2022-04-19 17:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-25648
Mitre link : CVE-2022-25648
CVE.ORG link : CVE-2022-25648
Products Affected
fedoraproject
- fedora
- extra_packages_for_enterprise_linux
debian
- debian_linux
git
- git
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')