CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:git-diff-apply_project:git-diff-apply:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:02

Type Values Removed Values Added
References
  • {'url': 'https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,', 'name': 'https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,', 'tags': ['Broken Link'], 'refsource': 'CONFIRM'}
  • () https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774%2C -

Information

Published : 2020-01-07 19:15

Updated : 2023-12-10 13:13


NVD link : CVE-2019-10776

Mitre link : CVE-2019-10776

CVE.ORG link : CVE-2019-10776


JSON object : View

Products Affected

git-diff-apply_project

  • git-diff-apply
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')