CVE-2022-25648

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:git:git:*:*:*:*:*:ruby:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Information

Published : 2022-04-19 10:15

Updated : 2023-02-16 11:28


NVD link : CVE-2022-25648

Mitre link : CVE-2022-25648


JSON object : View

CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

fedoraproject

  • extra_packages_for_enterprise_linux
  • fedora

git

  • git