princeton-nlp / SWE-agent

SWE-agent takes a GitHub issue and tries to automatically fix it, using GPT-4, or your LM of choice. It solves 12.47% of bugs in the SWE-bench evaluation set and takes just 1 minute to run.
https://princeton-nlp.github.io/SWE-agent/
MIT License

Remote code execution in simple-git #561

Closed Nennyfills closed 4 weeks ago

Nennyfills commented 4 weeks ago
| Name | Details |
| --- | --- |
| details | Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912. |
| direct | |
| id | GHSA-9w5j-4mwv-2wj8 |
| schema_version | 1.6.0 |
| modified | 2023-11-08T04:08:49Z |
| summary | Remote code execution in simple-git |
| published | 2023-01-26T21:30:25Z |
| kev | {"is_exploited": false, "added_date": null, "due_date": null} |
| source_url | github.com/react-syntax-highlighter/react-syntax-highlighter |
| cvss3Score | 9.8 |
| vulnerabilityCompoundRisk | 1.645108 |

Link to repo: github.com/react-syntax-highlighter/react-syntax-highlighter