CVE-2022-25860 Information

Description

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912.

Reference

https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391
https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13
https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951
