CVE-2022-24066 - OpenCVE

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Simple-git Project	Simple-git

Configuration 1 [-]

cpe:2.3:a:simple-git_project:simple-git:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://gist.github.com/lirantal/a930d902294b833514e821102316426b
https://github.com/steveukx/git-js/commit/2040de601c894363050fef9f28af367b169a56c5
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2434820
https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-04-01T20:00:16.930499Z

Updated: 2024-09-16T21:08:34.077Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-24066

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-01T20:15:08.113

Modified: 2023-08-08T14:21:49.707

Link: CVE-2022-24066

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "simple-git", "vendor": "n/a", "versions": [{"lessThan": "3.5.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Liran Tal"}], "datePublic": "2022-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T20:00:16", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2434820"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/lirantal/a930d902294b833514e821102316426b"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/steveukx/git-js/commit/2040de601c894363050fef9f28af367b169a56c5"}], "title": "Command Injection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-04-01T20:00:01.776777Z", "ID": "CVE-2022-24066", "STATE": "PUBLIC", "TITLE": "Command Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "simple-git", "version": {"version_data": [{"version_affected": "<", "version_value": "3.5.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Liran Tal"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2434820", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2434820"}, {"name": "https://gist.github.com/lirantal/a930d902294b833514e821102316426b", "refsource": "MISC", "url": "https://gist.github.com/lirantal/a930d902294b833514e821102316426b"}, {"name": "https://github.com/steveukx/git-js/commit/2040de601c894363050fef9f28af367b169a56c5", "refsource": "MISC", "url": "https://github.com/steveukx/git-js/commit/2040de601c894363050fef9f28af367b169a56c5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:59:23.718Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2434820"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/lirantal/a930d902294b833514e821102316426b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/steveukx/git-js/commit/2040de601c894363050fef9f28af367b169a56c5"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-24066", "datePublished": "2022-04-01T20:00:16.930499Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-16T21:08:34.077Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simple-git_project:simple-git:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "56EA77C9-54DC-4923-A371-4A6DCE412177", "versionEndExcluding": "3.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover."}, {"lang": "es", "value": "El paquete simple-git versiones anteriores a 3.5.0, es vulnerable a una inyecci\u00f3n de comandos debido a una correcci\u00f3n incompleta de [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) que s\u00f3lo parchea contra el vector de ataque git fetch. Un uso similar de la funci\u00f3n --upload-pack de git tambi\u00e9n es compatible con git clone, que la correcci\u00f3n anterior no cubr\u00eda"}], "id": "CVE-2022-24066", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-04-01T20:15:08.113", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/lirantal/a930d902294b833514e821102316426b"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/steveukx/git-js/commit/2040de601c894363050fef9f28af367b169a56c5"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2434820"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}