All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.
References
Link | Resource |
---|---|
https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd | Exploit Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310 | Exploit Third Party Advisory |
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-88 |
17 Jun 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Git-promise Project
Git-promise Project git-promise |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:git-promise_project:git-promise:*:*:*:*:*:node.js:*:* | |
CWE | CWE-77 | |
References | (CONFIRM) https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd - Exploit, Third Party Advisory | |
References | (CONFIRM) https://snyk.io/vuln/SNYK-JS-GITPROMISE-2434310 - Exploit, Third Party Advisory |
10 Jun 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-10 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24376
Mitre link : CVE-2022-24376
CVE.ORG link : CVE-2022-24376
JSON object : View
Products Affected
git-promise_project
- git-promise
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')