{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-25860","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","state":"PUBLISHED","assignerShortName":"snyk","dateReserved":"2022-02-24T11:58:25.171Z","datePublished":"2023-01-24T05:00:02.399Z","dateUpdated":"2025-04-01T15:29:18.377Z"},"containers":{"cna":{"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P"}}],"credits":[{"value":"Santos Gallegos","lang":"en"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"Remote Code Execution (RCE)","lang":"en"}]}],"providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-01-24T05:00:02.399Z"},"descriptions":[{"value":"Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization.\rThis vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\r\r","lang":"en"}],"references":[{"url":"https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391"},{"url":"https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13"},{"url":"https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951"}],"affected":[{"product":"simple-git","versions":[{"version":"0","lessThan":"3.16.0","status":"affected","versionType":"semver"}],"vendor":"n/a"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T04:49:44.156Z"},"title":"CVE Program Container","references":[{"url":"https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391","tags":["x_transferred"]},{"url":"https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13","tags":["x_transferred"]},{"url":"https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-01T15:29:00.748383Z","id":"CVE-2022-25860","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-01T15:29:18.377Z"}}]}}