The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433]( which only patches against the git fetch attack vector. A similar use of the –upload-pack feature of git is also supported for git clone, which the prior fix didn’t cover.

Source: CVE-2022-24066

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 항목은 *(으)로 표시합니다

Time limit is exhausted. Please reload the CAPTCHA.