In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.
References
Link | Resource |
---|---|
https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5 | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774 | Exploit Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774%2C |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-01-07T18:27:13
Updated: 2020-01-07T18:27:13
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10776
JSON object: View
NVD Information
Status : Modified
Published: 2020-01-07T19:15:10.413
Modified: 2023-11-07T03:02:33.757
Link: CVE-2019-10776
JSON object: View
Redhat Information
No data.
CWE