Lucene search
K

53 matches found

RedHat Linux
RedHat Linux
added 2025/01/20 1:40 a.m.2 views

go-git: argument injection via the URL field

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

9.8CVSS7.4AI score0.01261EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.10 views

The vulnerability of the git-upload-pack method of the go-git library allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the git-upload-pack method in the go-git library is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a malicious actor to influence the confidentiality, integrity, and accessibility of the protected information...

10CVSS6.9AI score0.01261EPSS
Exploits0References5Affected Software10
SUSE CVE
SUSE CVE
added 2025/01/10 12:19 a.m.5 views

SUSE CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

8.1CVSS7.4AI score0.01261EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2025/01/06 9:54 p.m.13 views

CVE-2025-21613

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

8.1CVSS9.5AI score0.01261EPSS
Exploits0References4
NVD
NVD
added 2025/01/06 5:15 p.m.33 views

CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.8CVSS0.01261EPSS
Exploits0References1
OSV
OSV
added 2025/01/06 5:15 p.m.7 views

AZL-55094 CVE-2025-21613 affecting package packer for versions less than 1.9.5-7

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.8CVSS6.8AI score0.01261EPSS
Exploits0References1
OSV
OSV
added 2025/01/06 5:15 p.m.3 views

DEBIAN-CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.2CVSS7.1AI score0.01261EPSS
Exploits0References1
OSV
OSV
added 2025/01/06 5:15 p.m.4 views

UBUNTU-CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.8CVSS6.8AI score0.01261EPSS
Exploits0References4
OSV
OSV
added 2025/01/06 4:13 p.m.23 views

CVE-2025-21613 go-git has an Argument Injection via the URL field

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

9.2CVSS7.3AI score0.01261EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.5 views

go-git 参数注入漏洞

go-git is go-git open source a highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13, which stems from the presence of a parameter injection vulnerability that could allow an attacker to set arbitrary values t...

9.8CVSS7.4AI score0.01261EPSS
Exploits0References3
OSV
OSV
added 2024/10/04 3:39 p.m.9 views

CLSA-2024-1728056367 Fix CVE(s): CVE-2024-32465

SECURITY UPDATE: Bypass of protections in untrusted repositories - debian/patches/CVE-2024-32465.patch: Disable lazy-fetching by default in upload-pack to prevent arbitrary command execution during clone/fetch - CVE-2024-32465...

7.8CVSS7.4AI score0.00909EPSS
Exploits0References1
OSV
OSV
added 2024/07/25 5:47 p.m.6 views

CLSA-2024-1721929661 git: Fix of 2 CVEs

CVE-2024-32004: add tests for cloning from partial repo, fetch/clone: detect dubious ownership of local repositories - CVE-2024-32465: upload-pack: disable lazy-fetching by default...

8.1CVSS5.8AI score0.01271EPSS
Exploits0References1
Amazon
Amazon
added 2024/05/15 12:0 a.m.4 views

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...

7.1AI score
Exploits0
Amazon
Amazon
added 2024/05/13 12:0 a.m.5 views

Important: git

Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Issue Correction: Run dnf update git --releasever 2023.4.20240513 or dnf update...

7AI score
Exploits0
OSV
OSV
added 2022/07/02 12:0 a.m.33 views

GHSA-8JMW-WJR8-2X66 Command injection in git-clone

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Credits Credit to @lirantal for discovering this vulnerability...

8.1CVSS5.9AI score0.03227EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/07/02 12:0 a.m.128 views

Command injection in git-clone

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Credits Credit to @lirantal for discovering this vulnerability...

10CVSS9.4AI score0.03227EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/07/01 8:15 p.m.73 views

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

10CVSS0.03227EPSS
Exploits1References2
OSV
OSV
added 2022/07/01 8:15 p.m.5 views

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

9.8CVSS7.3AI score0.03227EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/07/01 8:5 p.m.62 views

CVE-2022-25900 Command Injection

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

8.1CVSS9.9AI score0.03227EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/07/01 8:0 p.m.3 views

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

10CVSS7.2AI score0.03227EPSS
Exploits1References3
Rows per page
Query Builder