CVE-2022-25648
Command InjectionThe package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
We have discovered 5 live websites that are affected by CVE-2022-25648.
Contact us to get more info
Affected Software
| |
---|
Product | git |
Category | Dev Tools |
Vulnerable Versions | |
Total Vulnerable Versions | 27 |
Vulnerable Domains | 5 live websites (3.70% of git install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-25648 and the relative popularity of websites