Lucene search
+L

133 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

gitoxide 安全漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.82.0 contained a security vulnerability, which stemmed from improper validation of the update field in.gitmodules. This vulnerability could allow attackers to bypass the...

8.5CVSS6AI score0.00351EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 7:26 p.m.5 views

GHSA-PG4W-G64P-QWHJ gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository

Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...

8.7CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 7:23 p.m.8 views

gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules

Summary gixsubmodule::File::update is the API that gates whether an attacker-supplied .gitmodules file may set update = !. The function is designed to return ErrCommandForbiddenInModulesConfiguration unless the !command value came from a trusted local source .git/config. Git CVE CVE-2019-19604...

9.3CVSS7.2AI score0.03691EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/05/05 7:23 p.m.9 views

GHSA-F26G-JM89-4G65 gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules

Summary gixsubmodule::File::update is the API that gates whether an attacker-supplied .gitmodules file may set update = !. The function is designed to return ErrCommandForbiddenInModulesConfiguration unless the !command value came from a trusted local source .git/config. Git CVE CVE-2019-19604...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References7
OSV
OSV
added 2026/05/05 7:20 p.m.8 views

GHSA-P3HW-MV63-RF9W gix's submodule name validation bypass + trust inheritance flaw enables path traversal and credential disclosure

Summary Submodule name validation bypass plus missing validation in production code paths allows path traversal via crafted .gitmodules. Combined with a trust inheritance flaw in Submodule::open, this enables reading arbitrary git repository configs including credentials from traversed paths with...

7.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.20 views

PT-2026-43251

Name of the Vulnerable Software and Affected Versions gix-submodule versions prior to 0.29.0 gitoxide versions prior to 0.5.21 gix versions prior to 0.84.0 Description Incorrect validation of the update field in .gitmodules allows attackers to bypass the CommandForbiddenInModulesConfiguration gua...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-38896

Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...

8.7CVSS6.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 4 : git-1.7.1-10.AXS4 (AXSA:2020-4438:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4438:02 advisory. git: arbitrary code execution via .gitmodules CVE-2018-17456 Tenable has extracted the preceding description block directly from the MiracleLinux security...

9.8CVSS7.9AI score0.97356EPSS
Exploits12References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0382

Malware in sbrugna...

9.3CVSS9.1AI score0.05198EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2024/05/18 11:23 a.m.83 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE POC A POC for CVE-2024-32002 demonstrating...

9CVSS8.3AI score0.25334EPSS
Exploits32
Tenable Nessus
Tenable Nessus
added 2024/04/18 12:0 a.m.16 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Multiple Vulnerabilities (NS-SA-2024-0015)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by multiple vulnerabilities: - Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by...

9.8CVSS8.5AI score0.56334EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.31 views

EulerOS 2.0 SP8 : git (EulerOS-SA-2023-3127)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

7.8CVSS7.1AI score0.51883EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2023/12/15 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-3431)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.5AI score0.51883EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2023/09/05 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2641)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.5AI score0.51883EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.21 views

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-2380)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

7.8CVSS7.1AI score0.51883EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2023/07/09 12:0 a.m.27 views

EulerOS 2.0 SP9 : git (EulerOS-SA-2023-2332)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...

7.8CVSS7.1AI score0.51883EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2023/05/17 12:0 a.m.31 views

Ubuntu 16.04 ESM : Git vulnerabilities (USN-6050-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6050-2 advisory. USN-6050-1 fixed several vulnerabilities in Git. This update provides the corresponding updates for CVE-2023-25652 and CVE-2023-29007 on Ubuntu 16.04 LTS...

7.8CVSS7.9AI score0.51883EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/05/01 12:0 a.m.36 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Git vulnerabilities (USN-6050-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6050-1 advisory. It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting...

7.8CVSS7.3AI score0.51883EPSS
Exploits2References4
NVD
NVD
added 2023/04/25 9:15 p.m.28 views

CVE-2023-29007

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in...

7.8CVSS7.6AI score0.06079EPSS
Exploits2References9
OSV
OSV
added 2023/04/25 9:15 p.m.1 views

DEBIAN-CVE-2023-29007

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can used to exploit a bug in...

7.8CVSS8AI score0.06079EPSS
Exploits2References1
Rows per page
Query Builder