CVE-2022-25648


Command Injection

The git package before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in such a way that additional flags can be set. These additional flags can be used to perform a command injection.
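The following added example (not the package's own code or its actual patch) contrasts an argument list that lets a caller-supplied remote be parsed as a flag with one that allow-lists the value and places it after the "--" end-of-options marker. The helper names, the allow-list pattern and the sample inputs are assumptions made for illustration.

```ruby
# Added illustration; helper names are hypothetical, not the package's API.

# Assumed allow-list for plain remote names: the first character must be
# alphanumeric, so an accepted value can never begin with "-".
SAFE_REMOTE = /\A[A-Za-z0-9][A-Za-z0-9._\/-]*\z/

# Weak pattern: the caller-supplied value sits where git still parses options.
def naive_fetch_argv(remote)
  ['git', 'fetch', remote]
end

# Hardened pattern: validate the value, then add "--" so git treats
# everything after it as a positional argument.
def safe_fetch_argv(remote = 'origin')
  unless remote.is_a?(String) && remote.match?(SAFE_REMOTE)
    raise ArgumentError, "rejected remote name: #{remote.inspect}"
  end
  ['git', 'fetch', '--', remote]
end

# True when an element after the subcommand and before any "--" marker
# would be read by git as an option rather than as a remote.
def option_like?(argv)
  argv.drop(2).take_while { |a| a != '--' }.any? { |a| a.start_with?('-') }
end

# Constructed inputs: an ordinary remote and a value shaped like a flag.
CONSTRUCTED_INPUTS = ['origin', '--example-flag=value'].freeze

# Reports, for each input, how both argument builders handle it.
def audit(inputs)
  inputs.map do |value|
    hardened = begin
      safe_fetch_argv(value)
    rescue ArgumentError
      :rejected
    end
    { input: value,
      naive_option_like: option_like?(naive_fetch_argv(value)),
      hardened: hardened }
  end
end

audit(CONSTRUCTED_INPUTS).each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

The resulting array is meant to be passed to the process-spawning call as separate arguments rather than joined into a shell string. Remotes given as URLs would need a wider allow-list than the one assumed here.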



We have discovered 5 live websites that are affected by CVE-2022-25648.





Affected Software

Product  git
Category Dev Tools
Vulnerable Versions
  • from 0 before 1.11
Total Vulnerable Versions 27
Vulnerable Domains 5 live websites (3.70% of git install base)


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-25648 and the relative popularity of websites


Details

  • Published - Apr 19, 2022
  • Updated - Jan 31, 2023

Credits

  • Alessio Della Libera of Snyk Research Team




Countries

United States 4 websites
GB 1 website

TLDs

.org 3 websites
.co.uk 1 website
.edu 1 website

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2022-25648 through included software libraries and plugins.


