CVE-2024-41956 Soft Serve allows arbitrary code execution by crafting git-lfs requests

🗓️ 01 Aug 2024 22:32:07Reported by GitHub_MType

Soft Serve Git server vulnerable to arbitrary code executio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
osv	CVE-2024-41956	1 Aug 202422:15	–	osv
osv	GO-2024-3019 soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests in github.com/charmbracelet/soft-serve	6 Aug 202422:03	–	osv
osv	GHSA-M445-W3XR-VP2F soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests	2 Aug 202412:51	–	osv
nessus	FreeBSD : soft-serve -- Remote code execution vulnerability (8c342a6c-563f-11ef-a77e-901b0e9408dc)	9 Aug 202400:00	–	nessus
veracode	OS Command Injection	5 Aug 202403:44	–	veracode
vulnrichment	CVE-2024-41956 Soft Serve allows arbitrary code execution by crafting git-lfs requests	1 Aug 202422:07	–	vulnrichment
github	soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests	2 Aug 202412:51	–	github
cve	CVE-2024-41956	1 Aug 202422:15	–	cve
nvd	CVE-2024-41956	1 Aug 202422:15	–	nvd
freebsd	soft-serve -- Remote code execution vulnerability	1 Aug 202400:00	–	freebsd

[
  {
    "vendor": "charmbracelet",
    "product": "soft-serve",
    "versions": [
      {
        "version": "< 0.7.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f
github	www.github.com/charmbracelet/soft-serve/commit/4daebdd422a6ba8c04162d023f8be355a8fe3184

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Aug 2024 22:07Current

CVSS38.1

EPSS0.002

CWE-78