CVE-2022-25912

HIGH

Details

CVSS v3: 8.1
NVD published: 2022-12-06 05:15:11
EPSS: 43.3% probability · 97.5th percentile — 2026-04-24
Affected versions: cpe:2.3:a:simple-git_project:simple-git:*:*:*:*:*:node.js:*:*
Summary: The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
Remediation: Not available in our cache.
Exploit info: https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532 https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.