{"vulnerability": "CVE-2022-25860", "sightings": [{"uuid": "e10497fa-87ad-4538-bc8c-869d5a5e5e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25860", "type": "published-proof-of-concept", "source": "Telegram/61DYlWTca6IkcT_FpN2RYBtwr9MKXFEKysLP63-1xRoUERI", "content": "", "creation_timestamp": "2026-04-13T19:19:04.000000Z"}, {"uuid": "3a11465b-e126-49ad-bf03-b9ddde39b356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25860", "type": "seen", "source": "https://t.me/cibsecurity/56953", "content": "\u203c CVE-2022-25860 \u203c\n\nVersions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:34:06.000000Z"}, {"uuid": "da46f9ab-35aa-4983-abbf-9bc3fb49ef23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25860", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9917", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25860\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization.This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\ud83d\udccf Published: 2023-01-24T05:00:02.399Z\n\ud83d\udccf Modified: 2025-04-01T15:29:18.377Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3177391\n2. https://github.com/steveukx/git-js/pull/881/commits/95459310e5b8f96e20bb77ef1a6559036b779e13\n3. https://github.com/steveukx/git-js/commit/ec97a39ab60b89e870c5170121cd9c1603cc1951", "creation_timestamp": "2025-04-01T15:32:31.000000Z"}]}