RubyGems - cocoapods-downloader - Versions - 1.6.2 - Mend

cocoapods-downloader 1.6.2

1 security vulnerability found in version 1.6.2

Command injection in cocoapods-downloader

high severity CVE-2022-24440

Patched versions: = 1.6.0, >= 1.6.3

Unaffected versions: >= 1.6.0, < 1.6.2

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

No license issues detected.

This gem version has a license in the gemspec.

This gem version is available.

This gem version has not been yanked and is still available for usage.