Vulmon
git git vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-29468
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a reposito...
Cygwin Git
9.8
CVSSv3
CVE-2014-9390
Git prior to 1.8.5.6, 1.9.x prior to 1.9.5, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 on Windows and OS X; Mercurial prior to 3.2.3 on Windows and OS X; Apple Xcode prior to 6.2 beta 3; mine all versions prior to 08-12-2014; libgit2 all versions up to 0...
Git-scm Git
Mercurial Mercurial
Apple Xcode 6.2
Apple Xcode
Eclipse Egit
Libgit2 Libgit2
Eclipse Jgit
2 Metasploit modules
4 Github repositories
5.4
CVSSv3
CVE-2022-29040
Jenkins Git Parameter Plugin 0.9.15 and previous versions does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Git Parameter
6.5
CVSSv3
CVE-2024-23899
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and previous versions does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to ...
Jenkins Git Server
8.1
CVSSv3
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
9.8
CVSSv3
CVE-2015-8969
git-fastclone prior to 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.
Squareup Git-fastclone
5.4
CVSSv3
CVE-2020-2238
Jenkins Git Parameter Plugin 0.9.12 and previous versions does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Git Parameter
NA
CVE-2010-0394
PyGIT.py in the Trac Git plugin (trac-git) prior to 0.0.20080710-3+lenny1 and prior to 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote malicious users to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a...
Nanosleep Trac-git
5.4
CVSSv3
CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter