CVE-2020-7630
https://notcve.org/view.php?id=CVE-2020-7630
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. • https://github.com/jonschlinkert/git-add-remote/blob/master/index.js#L21%2C https://snyk.io/vuln/SNYK-JS-GITADDREMOTE-564269 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-7619
https://notcve.org/view.php?id=CVE-2020-7619
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. • https://github.com/chardos/get-git-data/blob/master/index.js#L7%2C https://snyk.io/vuln/SNYK-JS-GETGITDATA-564222 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-6114
https://notcve.org/view.php?id=CVE-2012-6114
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. • http://www.openwall.com/lists/oss-security/2013/01/22/8 http://www.openwall.com/lists/oss-security/2013/01/23/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2019-10776
https://notcve.org/view.php?id=CVE-2019-10776
At line 240 of the "index.js" file, the run command executes the git command with a user-controlled variable called remoteUrl. This affects all versions of git-diff-apply prior to 0.22.2. • https://github.com/ossf-cve-benchmark/CVE-2019-10776 https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5 https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774 https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774%2C • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-1425
https://notcve.org/view.php?id=CVE-2013-1425
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. • https://github.com/elmar/ldap-git-backup/commit/a90f3217fce87962db82d212f73af70693087124 https://security-tracker.debian.org/tracker/CVE-2013-1425 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1096253.html • CWE-276: Incorrect Default Permissions