Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-11572
Deferred
More InfoOfficial Page
Source-report@snyk.io
View Known Exploited Vulnerability (KEV) details
Published At-09 Jun, 2026 | 06:16
Updated At-09 Jun, 2026 | 14:16

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec() method by _cloneWithGit() and fetchRefs() functions. An attacker can execute arbitrary operating system commands as the process user by supplying a specially crafted git repository name.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.4HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-78Secondaryreport@snyk.io
CWE-77Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-78
Type: Secondary
Source: report@snyk.io
CWE ID: CWE-77
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/badp3te/cf22a939eedbd3d8ade9123827d61639report@snyk.io
N/A
https://github.com/Rich-Harris/degit/commit/4ac99e4a4c3f53ca3b5c997bcd7542742ad0c443report@snyk.io
N/A
https://github.com/Rich-Harris/degit/commit/d55bfd7cea79c0b387f69ec8477b6c34abf9f226report@snyk.io
N/A
https://security.snyk.io/vuln/SNYK-JS-DEGIT-17116207report@snyk.io
N/A
https://gist.github.com/badp3te/cf22a939eedbd3d8ade9123827d61639134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://gist.github.com/badp3te/cf22a939eedbd3d8ade9123827d61639
Source: report@snyk.io
Resource: N/A
Hyperlink: https://github.com/Rich-Harris/degit/commit/4ac99e4a4c3f53ca3b5c997bcd7542742ad0c443
Source: report@snyk.io
Resource: N/A
Hyperlink: https://github.com/Rich-Harris/degit/commit/d55bfd7cea79c0b387f69ec8477b6c34abf9f226
Source: report@snyk.io
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-DEGIT-17116207
Source: report@snyk.io
Resource: N/A
Hyperlink: https://gist.github.com/badp3te/cf22a939eedbd3d8ade9123827d61639
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0Changes found
Details not found