Lucene search
K

163 matches found

RedHat Linux
RedHat Linux
added 2025/12/18 1:21 p.m.4 views

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

8.6CVSS5.9AI score0.00707EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/12/18 1:21 p.m.7 views

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.6CVSS6.7AI score0.00707EPSS
Exploits0References4
OSV
OSV
added 2025/11/11 1:26 p.m.9 views

CLSA-2025-1762867600 git-lfs: Fix of CVE-2024-53263

CVE-2024-53263: fix issue where Git LFS could expose user credentials via URL- encoded control characters in host's URL...

8.5CVSS7.1AI score0.0104EPSS
Exploits0References1
Amazon
Amazon
added 2025/11/10 12:0 a.m.5 views

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symboli...

8.6CVSS7.1AI score0.00707EPSS
Exploits1
Fedora
Fedora
added 2025/10/29 1:48 a.m.7 views

[SECURITY] Fedora 42 Update: git-lfs-3.7.1-1.fc42

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

8.6CVSS7.1AI score0.00707EPSS
Exploits1
Fedora
Fedora
added 2025/10/29 1:28 a.m.9 views

[SECURITY] Fedora 43 Update: git-lfs-3.7.1-1.fc43

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

8.6CVSS7.1AI score0.00707EPSS
Exploits0
Fedora
Fedora
added 2025/10/29 1:10 a.m.6 views

[SECURITY] Fedora 41 Update: git-lfs-3.7.1-1.fc41

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

8.6CVSS7.1AI score0.00707EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2025/10/17 11:34 p.m.6 views

SUSE CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.8CVSS7.1AI score0.00707EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.5 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, videos...

9.8CVSS7.3AI score0.01952EPSS
Exploits0
Wolfi
Wolfi
added 2025/09/20 2:20 p.m.7 views

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: linkerd2-proxy-init, dagdotdev, custom-pod-autoscaler-operator, lvm-driver, php-fpmexporter, kube-vip, mongodb-kubernetes-operator, blobfuse2, hivemind, newrelic-fluent-bit-output, vexctl, vault-k8s, falco, grafana-operator, rancher-machine, kuberay-operator,...

6.5CVSS6.6AI score0.00489EPSS
Exploits1
Wolfi
Wolfi
added 2025/09/20 2:20 p.m.7 views

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: linkerd2-proxy-init, dagdotdev, custom-pod-autoscaler-operator, lvm-driver, php-fpmexporter, kube-vip, mongodb-kubernetes-operator, blobfuse2, hivemind, newrelic-fluent-bit-output, vexctl, vault-k8s, falco, grafana-operator, rancher-machine, kuberay-operator,...

6.1AI score
Exploits0
NVD
NVD
added 2025/08/29 6:15 p.m.7 views

CVE-2025-58158

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...

8.8CVSS0.00534EPSS
Exploits0References2
OSV
OSV
added 2025/08/29 5:44 p.m.6 views

CVE-2025-58158 Harness Affected by Arbitrary File Write in Gitness LFS server

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...

8.8CVSS6.7AI score0.00534EPSS
Exploits0References4
OSV
OSV
added 2025/07/29 1:38 p.m.7 views

RLSA-2025:9060 Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...

5.4CVSS7.9AI score0.00778EPSS
Exploits0References2
OSV
OSV
added 2025/06/16 12:0 a.m.6 views

ALSA-2025:9063 Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...

9.1CVSS7.8AI score0.00778EPSS
Exploits0References4
OSV
OSV
added 2025/06/16 12:0 a.m.7 views

ALSA-2025:9106 Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...

9.1CVSS7.8AI score0.00778EPSS
Exploits0References4
OSV
OSV
added 2025/06/16 12:0 a.m.7 views

ALSA-2025:9060 Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...

9.1CVSS7.8AI score0.00778EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2025/06/16 12:0 a.m.8 views

Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...

9.1CVSS7.3AI score0.00778EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2025/06/16 12:0 a.m.7 views

Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871...

9.1CVSS8.1AI score0.00778EPSS
Exploits0References4
OSV
OSV
added 2025/05/13 12:0 a.m.5 views

ALSA-2025:7256 Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: crypto/tls: panic when processing post-handshake message on QUIC connections...

9.8CVSS7.6AI score0.01952EPSS
Exploits0References14
Rows per page
Query Builder