CVE-2022-24437 - OpenCVE

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Git-pull-or-clone Project	Git-pull-or-clone

Configuration 1 [-]

cpe:2.3:a:git-pull-or-clone_project:git-pull-or-clone:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b
https://github.com/feross/git-pull-or-clone/commit/f9ce092be13cc32e685dfa26e7705e9c6e3108a3
https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-05-01T15:20:15.509368Z

Updated: 2024-09-16T19:15:08.649Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-24437

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-01T16:15:08.423

Modified: 2023-08-08T14:21:49.707

Link: CVE-2022-24437

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "git-pull-or-clone", "vendor": "n/a", "versions": [{"lessThan": "2.0.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Liran Tal of Snyk"}], "datePublic": "2022-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-01T15:20:15", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/feross/git-pull-or-clone/commit/f9ce092be13cc32e685dfa26e7705e9c6e3108a3"}], "title": "Command Injection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-05-01T15:19:56.531716Z", "ID": "CVE-2022-24437", "STATE": "PUBLIC", "TITLE": "Command Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "git-pull-or-clone", "version": {"version_data": [{"version_affected": "<", "version_value": "2.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Liran Tal of Snyk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307"}, {"name": "https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b", "refsource": "MISC", "url": "https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b"}, {"name": "https://github.com/feross/git-pull-or-clone/commit/f9ce092be13cc32e685dfa26e7705e9c6e3108a3", "refsource": "MISC", "url": "https://github.com/feross/git-pull-or-clone/commit/f9ce092be13cc32e685dfa26e7705e9c6e3108a3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:13:55.640Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/feross/git-pull-or-clone/commit/f9ce092be13cc32e685dfa26e7705e9c6e3108a3"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-24437", "datePublished": "2022-05-01T15:20:15.509368Z", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2024-09-16T19:15:08.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:git-pull-or-clone_project:git-pull-or-clone:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "D276D621-9F16-483B-B40B-48C6CB75F043", "versionEndExcluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection."}, {"lang": "es", "value": "El paquete git-pull-or-clone versiones anteriores a 2.0.2, es vulnerable a una inyecci\u00f3n de comandos debido al uso de la funci\u00f3n --upload-pack de git, que tambi\u00e9n es compatible con git clone. La fuente incluye el uso de la API spawn() del proceso hijo seguro. Sin embargo, el par\u00e1metro outpath que le es pasado puede ser un argumento de la l\u00ednea de comandos del comando git clone y resultar en una inyecci\u00f3n arbitraria de comandos"}], "id": "CVE-2022-24437", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-05-01T16:15:08.423", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/lirantal/327e9dd32686991b5a1fa6341aac2e7b"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/feross/git-pull-or-clone/commit/f9ce092be13cc32e685dfa26e7705e9c6e3108a3"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-GITPULLORCLONE-2434307"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}