CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-25866 – Command Injection
https://notcve.org/view.php?id=CVE-2022-25866
25 Apr 2022 — The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. El paquete czproject/git-php versiones anteriores a 4.0.3, es vulnerable a una inyección de comandos por medio de una inyección de argumentos git. C... • https://github.com/czproject/git-php/commit/5e82d5479da5f16d37a915de4ec55e1ac78de733 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •