CVE-2022-24440 in cocoapods-downloaderinfo

Zusammenfassung

von MITRE • 01.04.2022

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Snyk

Reservieren

24.02.2022

Veröffentlichung

01.04.2022

Moderieren

akzeptiert

Eintrag

VDB-196306

CPE

bereit

EPSS

0.02713

KEV

nein

Aktivitäten

very low

Quellen

Interested in the pricing of exploits?

See the underground prices here!