Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection
Vulnerability Description
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
cocoapods-downloader 参数注入漏洞
Vulnerability Description
cocoapods-downloader是一个小型库。用于从文件夹中的遥控器下载文件。 cocoapods-downloader 存在安全漏洞,该漏洞源于 git 参数注入。以下产品和版本受到影响:1.6.0 之前版本、1.6.2 版本和 1.6.3 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A