Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git git vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33290
The git-url-parse crate up to and including 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
Git-url-parse Project Git-url-parse
NA
CVE-2023-29011
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s confi...
Git For Windows Project Git For Windows
NA
CVE-2023-29012
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git ...
Git For Windows Project Git For Windows
4.4
CVSSv2
CVE-2016-9274
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
Git For Windows Project Git For Windows
1 Github repository
NA
CVE-2023-23618
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick u...
Git For Windows Project Git For Windows
NA
CVE-2023-26134
Versions of the package git-commit-info prior to 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject ma...
Git-commit-info Project Git-commit-info
7.5
CVSSv2
CVE-2020-7619
get-git-data up to and including 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.
Get-git-data Project Get-git-data
7.5
CVSSv2
CVE-2020-7630
git-add-remote up to and including 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.
Git-add-remote Project Git-add-remote
6.5
CVSSv2
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and previous versions and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
Jenkins Git Client 3.0.0
Jenkins Git Client
2 Github repositories
7.5
CVSSv2
CVE-2021-3028
git-big-picture prior to 1.0.0 mishandles ' characters in a branch name, leading to code execution.
Git-big-picture Project Git-big-picture
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »