Command Injection Affecting git-interface Open this link in a new tab package, versions <2.1.2
Exploit Maturity
Proof of concept
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-JS-GITINTERFACE-2774028
-
published
22 Apr 2022
-
disclosed
22 Apr 2022
-
credit
Liran Tal of Snyk
Introduced: 22 Apr 2022
CVE-2022-1440 Open this link in a new tabHow to fix?
Upgrade git-interface
to version 2.1.2 or higher.
Overview
git-interface is an interface to work with a git repository in node.js
Affected versions of this package are vulnerable to Command Injection. The API may be abused if user input is able to provide a valid directory on disk and supply the destination directory to clone a repository too. If both are provided by user input, then the use of a --upload-pack command line argument feature of git is also supported for git clone, which would then allow for any operating system command to be spawned by the attacker.