.. / CVE-2022-25912

Exploit for Node.js simple-git < 3.15.0 - Remote Code Execution (CVE-2022-25912)

Description:

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of CVE-2022-24066.

Proof of Concept

PoC exploit

https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221

Try the exploit in a lab environment:

Lab	Machine	Link
Hack The Box	FormulaX	Go to Practice

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-25912

.. / CVE-2022-25912 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Node.js simple-git < 3.15.0 - Remote Code Execution (CVE-2022-25912)

Description:

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

.. / CVE-2022-25912