CVE-2022-25766
Published 2022-03-21
Priority: P269 · Severity: high · CVSS 3.1 base score: 8.8
EPSS: 33.89% (98.2th percentile)
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ungit_project | ungit | < 1.5.20 | 1.5.20 |
| ungit_project | ungit | >= 0 < 1.5.20 | 1.5.20 |
| ungit_project | ungit | >= unspecified < 1.5.20 | 1.5.20 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA (2022-03-22): CVE-2022-25766 [HIGH] CWE-77 Command Injection in ungit
OSV (2022-03-22): CVE-2022-25766 [HIGH] Command Injection in ungit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/FredrikNoren/ungit/blob/master/CHANGELOG.md#1520
- https://github.com/FredrikNoren/ungit/pull/1510
- https://snyk.io/vuln/SNYK-JS-UNGIT-2414099