CVE-2022-25900
Command Injection
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
Todas las versiones del paquete git-clone son vulnerables a una inyección de comandos debido al uso inseguro de la función --upload-pack de git
*Credits:
Liran Tal
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-24 CVE Reserved
- 2022-07-01 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://gist.github.com/lirantal/9441f3a1212728476f7a6caa4acb2ccc | 2024-09-17 | |
| https://snyk.io/vuln/SNYK-JS-GITCLONE-2434308 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Git-clone Project Search vendor "Git-clone Project" | Git-clone Search vendor "Git-clone Project" for product "Git-clone" | * | node.js |
Affected
| ||||||