HIGH🇵🇱 Wersja polska

CVE-2022-25912

CVSS 8.1v3.1pub. 2022-12-06upd. 2025-04-22

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Simple Git Project Simple Git

    APP
    Simple-Git Project
    < 3.15.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2026-28292CRITICAL9.8PL ✓ten sam produkt

RCE w Simple-Git — ominięcie wcześniejszych poprawek CVE

CVE-2026-6951HIGH8.2ten sam produkt

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incom...

CVE-2026-28291HIGH8.1ten sam produkt

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow exec...

CVE-2022-25860HIGH8.1ten sam produkt

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone()...

CVE-2022-24066HIGH8.1ten sam produkt

The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-...