Vulnerability Description
The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ungit Project | Ungit | < 1.5.20 |
Related Weaknesses (CWE)
References
- https://github.com/FredrikNoren/ungit/blob/master/CHANGELOG.md%231520Broken LinkRelease NotesThird Party Advisory
- https://github.com/FredrikNoren/ungit/pull/1510ExploitPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-UNGIT-2414099Release NotesThird Party Advisory
- https://github.com/FredrikNoren/ungit/blob/master/CHANGELOG.md%231520Broken LinkRelease NotesThird Party Advisory
- https://github.com/FredrikNoren/ungit/pull/1510ExploitPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-UNGIT-2414099Release NotesThird Party Advisory
FAQ
What is CVE-2022-25766?
CVE-2022-25766 is a vulnerability with a CVSS score of 8.8 (HIGH). The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are...
How severe is CVE-2022-25766?
CVE-2022-25766 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25766?
Check the references section above for vendor advisories and patch information. Affected products include: Ungit Project Ungit.