cocoapods-downloader 1.6.2
1 security vulnerability
found in version
1.6.2
Command injection in cocoapods-downloader
high severity CVE-2022-24440
high severity
CVE-2022-24440
Patched versions:
= 1.6.0
, >= 1.6.3
Unaffected versions:
>= 1.6.0, < 1.6.2
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.