Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:ggit:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Ggit (f59f592b-e5fd-544c-a300-987c7cca5504) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-21533 |
vulnerable | 2026-06-08 06:27:35.501096 |
Details available
MEDIUM (6.5)
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
Published: 2024-10-08T05:00:05.285Z
Updated: 2026-03-21T22:21:02.144Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21532 |
vulnerable | 2026-06-08 06:27:35.500646 |
Details available
HIGH (7.3)
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.
Published: 2024-10-08T05:00:03.891Z
Updated: 2026-03-21T22:20:29.713Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.