Liran Tal

7 exploits Active since May 2022
CVE-2024-21533 NOMISEC MEDIUM WORKING POC
ggit - Arbitrary Argument Injection via clone() API
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
CVSS 6.5
CVE-2024-21532 NOMISEC HIGH WORKING POC
ggit - OS Command Injection via fetchTags API
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.
CVSS 7.3
CVE-2025-24981 WRITEUP CRITICAL WRITEUP
Nuxt MDC <0.13.3 - JavaScript URL Cross-Site Scripting
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the `javascript:` protocol scheme in the URL. The parsing logic implement in `props.ts` maintains a deny-list approach to filtering potential malicious payload. It does so by matching protocol schemes like `javascript:` and others. These security guards can be bypassed by an adversarial that provides JavaScript URLs with HTML entities encoded via hex string. Users who consume this library and perform markdown parsing from unvalidated sources could result in rendering vulnerable XSS anchor links. This vulnerability has been addressed in version 0.13.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 9.3
CVE-2022-24437 WRITEUP CRITICAL WRITEUP
git-pull-or-clone <2.0.2 - Command Injection
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.
CVSS 9.8
CVE-2022-4366 WRITEUP HIGH WRITEUP
GitHub lirantal/daloradius <master - Info Disclosure
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.
CVSS 7.5
CVE-2025-54994 WRITEUP CRITICAL WRITEUP
@akoskm/create-mcp-server-stdio < 0.0.13 - OS Command Injection via 'which-app-on-port' Tool
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `which-app-on-port` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. Version 0.0.13 contains a fix for the issue.
CVE-2025-59046 WRITEUP CRITICAL WRITEUP
interactive-git-checkout <= 1.1.4 - Command Injection via Branch Name
The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via `npm install -g interactive-git-checkout`. Versions up to and including 1.1.4 of the `interactive-git-checkout` tool are vulnerable to a command injection vulnerability because the software passes the branch name to the `git checkout` command using the Node.js child process module's `exec()` function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.
CVSS 9.8