VDB

SNYK-JS-SIMPLEGIT-3112221

SNYK-JS-SIMPLEGIT-3112221 PUBLISHED CVSS 8.100000381469727 HIGH

## Overview [simple-git](https://www.npmjs.com/package/simple-git) is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution (RCE) when enabling the `ext` transport protocol, which makes it exploitable via `clone()` method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). ## PoC ```js const simpleGit = require('simple-git') const git2 = simpleGit() git2.clone('ext::sh -c touch% /tmp/pwn% >&2', '/tmp/example-new-repo', ["-c", "protocol.ext.allow=always"]); ``` ## Remediation Upgrade `simple-git` to version 3.15.0 or higher. ## References - [GitHub Commit](https://github.com/steveukx/git-js/commit/774648049eb3e628379e292ea172dccaba610504) - [GitHub Release](https://github.com/steveukx/git-js/releases/tag/simple-git%403.15.0) - [Plugin-Unsafe-Actions Documentation](https://github.com/steveukx/git-js/blob/main/docs/PLUGIN-UNSAFE-ACTIONS.md#overriding-allowed-protocols)

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

Affected Products

VendorProductVersions
0

Timeline

  • Nov 10, 2022 CVE Updated
  • Dec 5, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›