CVE-2022-1440

Summary

Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating system command to be spawned by the attacker.

Affected Software

VendorProductVersion RangeStatus
yarkeevyarkeev/git-interfaceunspecified < 2.1.2affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command

ADP Enrichment

CVE Program Container

Additional References

References