RubyGems package
cocoapods-downloader
pkg:gem/cocoapods-downloader
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-21223 | — | < 1.6.2 | 1.6.2 | Apr 1, 2022 | The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The | ||
| CVE-2022-24440 | — | < 1.6.0 | 1.6.0 | Apr 1, 2022 | The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remot |
- CVE-2022-21223Apr 1, 2022affected < 1.6.2fixed 1.6.2
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The
- CVE-2022-24440Apr 1, 2022affected < 1.6.0fixed 1.6.0
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remot