Vulnerability Details CVE-2022-24376
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.087
EPSS Ranking 92.1%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 7.5
References
Products affected by CVE-2022-24376
-
cpe:2.3:a:git-promise_project:git-promise:-
-
cpe:2.3:a:git-promise_project:git-promise:0.1.0
-
cpe:2.3:a:git-promise_project:git-promise:0.2.0
-
cpe:2.3:a:git-promise_project:git-promise:0.3.0
-
cpe:2.3:a:git-promise_project:git-promise:0.3.1
-
cpe:2.3:a:git-promise_project:git-promise:1.0.0