Remote Code Execution (RCE) via simple-git package clone(), pull(), push(), and listRemote() methods (CVE-2022-25912)

CVE-2022-25860 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).
