CVE-2022-25900

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions git-clone versions all

Description The issue is related to Command Injection due to insecure usage of the --upload-pack feature of git. This affects all versions of the git-clone package.

Recommendations For all versions, consider disabling the --upload-pack feature until a patch is available. Restrict access to the git-clone package to minimize the risk of exploitation. Avoid using the --upload-pack feature in the affected git command until the issue is resolved.

Exploit

Fix

Argument Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88CWE-77

Related Identifiers

CVE-2022-25900

GHSA-8JMW-WJR8-2X66

SNYK-JS-GITCLONE-2434308

Affected Products

Git-Clone

CVE-2022-25900

Weakness Enumeration

Related Identifiers

Affected Products

References · 10