git git vulnerabilities and exploits
CVE-2010-0394 | Nanosleep Trac-git | CVSSv3: NA
PyGIT.py in the Trac Git plugin (trac-git) prior to 0.0.20080710-3+lenny1 and prior to 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote malicious users to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a...

CVE-2020-2113 | Jenkins Git Parameter | CVSSv3: 5.4
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.

CVE-2015-8969 | Squareup Git-fastclone | CVSSv3: 9.8
git-fastclone prior to 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

CVE-2017-1000242 | Jenkins Git Client | CVSSv3: 3.3
Jenkins Git Client Plugin 2.4.2 and previous versions creates temporary file with insecure permissions resulting in information disclosure

CVE-2024-23899 | Jenkins Git Server | CVSSv3: 6.5
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and previous versions does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to ...

CVE-2022-29040 | Jenkins Git Parameter | CVSSv3: 5.4
Jenkins Git Parameter Plugin 0.9.15 and previous versions does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2021-26543 | Wayfair Git-parse | CVSSv3: 8.8
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1....

CVE-2018-1000426 | Jenkins Git Changelog | CVSSv3: 6.1
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and previous versions in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/confi...

CVE-2015-8968 | Squareup Git-fastclone | CVSSv3: 8.8
git-fastclone prior to 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an un...

CVE-2016-7793 | Sociomantic Git-hub | CVSSv3: 8.8
sociomantic-tsunami git-hub prior to 0.10.3 allows remote malicious users to execute arbitrary code via a crafted repository URL.