163 matches found
git-lfs: Git LFS may write to arbitrary files via crafted symlinks
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
Moderate: Red Hat Security Advisory: ruby:3.3 security update
An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CLSA-2025-1762867600 git-lfs: Fix of CVE-2024-53263
CVE-2024-53263: fix issue where Git LFS could expose user credentials via URL- encoded control characters in host's URL...
Important: git-lfs
Issue Overview: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symboli...
[SECURITY] Fedora 42 Update: git-lfs-3.7.1-1.fc42
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...
[SECURITY] Fedora 43 Update: git-lfs-3.7.1-1.fc43
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...
[SECURITY] Fedora 41 Update: git-lfs-3.7.1-1.fc41
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...
SUSE CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
git-lfs security update
An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy-init, dagdotdev, custom-pod-autoscaler-operator, lvm-driver, php-fpmexporter, kube-vip, mongodb-kubernetes-operator, blobfuse2, hivemind, newrelic-fluent-bit-output, vexctl, vault-k8s, falco, grafana-operator, rancher-machine, kuberay-operator,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy-init, dagdotdev, custom-pod-autoscaler-operator, lvm-driver, php-fpmexporter, kube-vip, mongodb-kubernetes-operator, blobfuse2, hivemind, newrelic-fluent-bit-output, vexctl, vault-k8s, falco, grafana-operator, rancher-machine, kuberay-operator,...
CVE-2025-58158
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...
CVE-2025-58158 Harness Affected by Arbitrary File Write in Gitness LFS server
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...
RLSA-2025:9060 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
ALSA-2025:9063 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
ALSA-2025:9106 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
ALSA-2025:9060 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...
ALSA-2025:7256 Moderate: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: crypto/tls: panic when processing post-handshake message on QUIC connections...