Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git project git vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-26134
Versions of the package git-commit-info prior to 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject ma...
Git-commit-info Project Git-commit-info
7.5
CVSSv3
CVE-2023-33290
The git-url-parse crate up to and including 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
Git-url-parse Project Git-url-parse
9.8
CVSSv3
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions before 0.22.2.
Git-diff-apply Project Git-diff-apply
9.8
CVSSv3
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
Git-dummy-commit Project Git-dummy-commit 1.3.0
7.5
CVSSv3
CVE-2021-40899
A Regular Expression Denial of Service (ReDOS) vulnerability exists in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.
Repo-git-downloader Project Repo-git-downloader 0.1.1
7.5
CVSSv3
CVE-2018-10857
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
Git-annex Project Git-annex -
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the malicious user to execute arbitrary code. This ...
Git Large File Storage Project Git Large File Storage
7.8
CVSSv3
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the malicious user to execute arbitrary code. This does not affect Unix systems....
Git Large File Storage Project Git Large File Storage
8
CVSSv3
CVE-2022-46648
ruby-git versions prior to v1.13.0 allows a remote authenticated malicious user to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2018-10859
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored i...
Git-annex Project Git-annex -
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »