Vulnerabilities > Simple GIT Project

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-25860 Unspecified vulnerability in Simple-Git Project Simple-Git
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).
network
low complexity
simple-git-project
critical
9.8
2022-12-06 CVE-2022-25912 OS Command Injection vulnerability in Simple-Git Project Simple-Git
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method.
network
low complexity
simple-git-project CWE-78
critical
9.8
2022-04-01 CVE-2022-24066 Argument Injection or Modification vulnerability in Simple-Git Project Simple-Git
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector.
network
low complexity
simple-git-project CWE-88
critical
9.8
2022-03-11 CVE-2022-24433 Argument Injection or Modification vulnerability in Simple-Git Project Simple-Git
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection.
network
low complexity
simple-git-project CWE-88
critical
9.8