Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git project git vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js va...
Git Project Git
890
VMScore
CVE-2015-7082
Multiple unspecified vulnerabilities in Git prior to 2.5.4, as used in Apple Xcode prior to 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.
Git Project Git
668
VMScore
CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT prior to 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
Git Git 1.5.5.3
Git Git 1.5.5.4
Git Git 1.5.6.1
Git Git 1.5.6.2
Git Git 1.5.6.3
668
VMScore
CVE-2022-25866
The package czproject/git-php prior to 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that addition...
Git-php Project Git-php
890
VMScore
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
Git-clone Project Git-clone
NA
CVE-2022-25912
The package simple-git prior to 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-...
Simple-git Project Simple-git
668
VMScore
CVE-2022-24066
The package simple-git prior to 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of gi...
Simple-git Project Simple-git
668
VMScore
CVE-2021-28955
git-bug prior to 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
Git-bug Project Git-bug
668
VMScore
CVE-2021-44685
Git-it up to and including 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
Git-it Project Git-it
668
VMScore
CVE-2022-24433
The package simple-git prior to 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possib...
Simple-git Project Simple-git
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »