git vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js va...
Git Project Git
7.5
CVSSv2
CVE-2010-2542
Stack-based buffer overflow in the is_git_directory function in setup.c in Git prior to 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
Git-scm Git
4.3
CVSSv2
CVE-2022-24975
The --mirror documentation for Git up to and including 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror o...
Git-scm Git
10
CVSSv2
CVE-2015-7082
Multiple unspecified vulnerabilities in Git prior to 2.5.4, as used in Apple Xcode prior to 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.
Git Project Git
4.3
CVSSv2
CVE-2013-0308
The imap-send command in GIT prior to 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitra...
Git-scm Git
5
CVSSv2
CVE-2021-30483
isomorphic-git prior to 1.8.2 allows Directory Traversal via a crafted repository.
Isomorphic-git Isomorphic-git
7.5
CVSSv2
CVE-2022-24376
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file...
Git-promise Project Git-promise
6.8
CVSSv2
CVE-2017-12976
git-annex prior to 6.20170818 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-20...
Git-annex Project Git-annex
7.5
CVSSv2
CVE-2022-24433
The package simple-git prior to 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possib...
Simple-git Project Simple-git
NA
CVE-2022-25860
Versions of the package simple-git prior to 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.s...
Simple-git Project Simple-git