cvedb.io
CVE-2022-24376
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2022-06-10T20:15:08.010 · Last modified 2026-06-17T04:31:43.503

Summary

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue.

Affected products

git-promise_project — git-promise

Does this affect you?

Add your gear to cvedb and we'll alert you only when git-promise_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.