git project git vulnerabilities and exploits
8
CVSSv3
CVE-2022-46648
ruby-git versions prior to v1.13.0 allow a remote authenticated malicious user to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2017-17831
GitHub Git LFS prior to 2.1.1 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
Git Large File Storage Project Git Large File Storage
9.8
CVSSv3
CVE-2022-24437
The package git-pull-or-clone prior to 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to...
Git-pull-or-clone Project Git-pull-or-clone
7.8
CVSSv3
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the malicious user to execute arbitrary code. This does not affect Unix systems....
Git Large File Storage Project Git Large File Storage
7.5
CVSSv3
CVE-2018-10859
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored i...
Git-annex Project Git-annex -
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution.
Git Large File Storage Project Git Large File Storage 2.12.0
21 Github repositories
8
CVSSv3
CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated malicious user to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
Fedoraproject Fedora 37
2.2
CVSSv3
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's ...
Git For Windows Project Git For Windows
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2022-24767
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
Microsoft Visual Studio 2022
Microsoft Visual Studio 2017
Microsoft Visual Studio 2019
Git For Windows Project Git For Windows
5.5
CVSSv3
CVE-2013-1425
ldap-git-backup prior to 1.0.4 exposes password hashes due to incorrect directory permissions.
Ldap Git Backup Project Ldap Git Backup
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0