Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git git vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22743
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading sai...
Git For Windows Project Git For Windows
6.5
CVSSv2
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and previous versions and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
Jenkins Git Client 3.0.0
Jenkins Git Client
2 Github repositories
7.5
CVSSv2
CVE-2021-3028
git-big-picture prior to 1.0.0 mishandles ' characters in a branch name, leading to code execution.
Git-big-picture Project Git-big-picture
1 Github repository
7.5
CVSSv2
CVE-2019-10776
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions before 0.22.2.
Git-diff-apply Project Git-diff-apply
NA
CVE-2023-33290
The git-url-parse crate up to and including 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).
Git-url-parse Project Git-url-parse
7.5
CVSSv2
CVE-2020-7619
get-git-data up to and including 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.
Get-git-data Project Get-git-data
7.5
CVSSv2
CVE-2020-7630
git-add-remote up to and including 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.
Git-add-remote Project Git-add-remote
4.4
CVSSv2
CVE-2016-9274
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
Git For Windows Project Git For Windows
1 Github repository
NA
CVE-2023-29011
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s confi...
Git For Windows Project Git For Windows
NA
CVE-2023-29012
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git ...
Git For Windows Project Git For Windows
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »