Vulnerability Details CVE-2022-1440
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.112
EPSS Ranking 93.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://github.com/yarkeev/git-interface/commit/f828aa790016fee3aa667f7b44cf94bf0aa8c60d
- https://huntr.dev/bounties/cdc25408-d3c1-4a9d-bb45-33b12a715ca1
- https://github.com/yarkeev/git-interface/commit/f828aa790016fee3aa667f7b44cf94bf0aa8c60d
- https://huntr.dev/bounties/cdc25408-d3c1-4a9d-bb45-33b12a715ca1
Products affected by CVE-2022-1440
-
cpe:2.3:a:git-interface_project:git-interface:*