PT-2020-19657 · Unknown · Get-Git-Data

Published

2020-04-02

Updated

2021-07-21

CVE-2020-7619

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions get-git-data versions prior to 1.3.2

Description The issue allows for Command Injection, where an attacker can inject arbitrary commands as part of the arguments provided to get-git-data.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-7619

GHSA-WJ6H-7CHW-X4H2

SNYK-JS-GETGITDATA-564222

Affected Products

Get-Git-Data

PT-2020-19657 · Unknown · Get-Git-Data

CVE-2020-7619

Weakness Enumeration

Related Identifiers

Affected Products

References · 6