CVE-2024-21532

CVSS v3 Score
7.3
High

Vulnerability Description

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.

CVSS: 7.3 (High)

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was ...

CWE-78 2019
CVSS: 7.3 (High)

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

CWE-78 2020
CVSS: 7.3 (High)

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CWE-78 2020
CVSS: 7.3 (High)

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec...

CWE-78 2021
CVSS: 7.3 (High)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated wit...

CWE-78 2021
CVSS: 7.3 (High)

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara before 2...

CWE-78 2021