Liran Tal

6 exploits Active since May 2022
CVE-2024-21532 NOMISEC HIGH WORKING POC
NPM Ggit - OS Command Injection
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.
CVSS 7.3
CVE-2024-21533 NOMISEC MEDIUM WORKING POC
ggit - Command Injection
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
CVSS 6.5
CVE-2022-24437 WRITEUP CRITICAL WRITEUP
git-pull-or-clone <2.0.2 - Command Injection
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.
CVSS 9.8
CVE-2022-4366 WRITEUP HIGH WRITEUP
GitHub lirantal/daloradius <master - Info Disclosure
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.
CVSS 7.5
CVE-2025-54994 WRITEUP CRITICAL WRITEUP
Akoskm Create-mcp-server-stdio < 0.0.13 - OS Command Injection
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `which-app-on-port` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. Version 0.0.13 contains a fix for the issue.
CVE-2025-59046 WRITEUP CRITICAL WRITEUP
NPM Interactive-git-checkout - Command Injection
The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via `npm install -g interactive-git-checkout`. Versions up to and including 1.1.4 of the `interactive-git-checkout` tool are vulnerable to a command injection vulnerability because the software passes the branch name to the `git checkout` command using the Node.js child process module's `exec()` function without proper input validation or sanitization. Commit 8dd832dd302af287a61611f4f85e157cd1c6bb41 fixes the issue.
CVSS 9.8