Description

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).

Remediation

References

https://github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504

https://github.com/steveukx/git-js/releases/tag/simple-git%403.15.0

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532

https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221

https://github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md%23overriding-allowed-protocols

Related Vulnerabilities

CVE-2019-11343 Vulnerability in maven package org.torpedoquery:org.torpedoquery

CVE-2020-28360 Vulnerability in npm package private-ip

CVE-2022-42004 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-25940 Vulnerability in npm package lite-server

CVE-2022-39249 Vulnerability in npm package matrix-js-sdk

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Third Party Advisory Release Notes Exploit Broken Link